fabi/xenia-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6271ba1f55aa6d1a8aac9a0b3db35aa5ef3f6a21
xenia-rs/audit-runs/audit-059-handle-disambiguation/round-A6-canary-822F1AA8/canary.stdout
MechaCat02 52c30d82a7 [AUDIT-059 R-A] Phase A backward-trace: divergence is sub_822F1AA8 loop exit, not factory/registry 
Round-37 anchor reframe: both engines install the SAME static .rdata vtable
0x820A183C at [0x828E1F08]. Instance VAs differ only because of ε-class
allocator divergence (audit-043). vtable bytes byte-identical; the user
prompt's "factory/registry" framing was falsified.

Phase A walkthrough (rounds A1..A8):
- A.1 canary --audit_jit_prolog_pc=0x821741C8: tid=6, r3=0xBCCC4A80 (= inner
  sub-object of [0x828E1F08]'s singleton), LR=0x822F1D5C (return-from-bctrl
  inside sub_822F1AA8)
- A.2 found tid=6 spawn site sub_821746B0 at PC 0x82174824 spawning
  entry=sub_821748F0 ctx=BC365700/BC366DA0. sub_822F1AA8 ALSO spawns a
  second thread (entry=sub_822F1EE0 ctx=BCE24A40) at PC 0x822F1B08
- A.3 sub_822F1AA8 has 2 callers, both in sub_8216EA68 (its sole caller is
  sub_824AB748 = entry_point)
- A.4 ours mirror probe: sub_821746B0 enters, [0x828E2B14] gate passes,
  ExCreateThread fires returning handle 0x1070 (= tid=13). Ours' tid=13
  IS the same logical thread as canary's spawned silph initializer
- A.5 canary --audit_jit_prolog_pc=0x821749C0: fires only 2× on short-lived
  tid=17, tid=26 (the spawned initializers — NOT tid=6)
- A.6 canary --audit_jit_prolog_pc=0x822F1AA8: fires 1× on tid=6 with
  r3=0xBCE24A40 LR=0x8216EE14 (the second sub_822F1AA8 call site)
- A.7 canary --audit_jit_prolog_pc=0x824AB748 (entry_point): fires on
  tid=00000006. CONFIRMS canary's tid=6 = canary's main thread.

Verdict: identical call chain entry_point → sub_8216EA68 → sub_822F1AA8 in
both engines; same controller (ε-divergent VA, byte-identical fields).
Canary's main thread stays in sub_822F1AA8's dispatcher loop firing
sub_821741C8 ~1678×/30s. Ours' main thread exits the loop and thread-joins
on the spawned initializer (tid=13), which is itself wedged on handle 0x1078
forever.

Loop exit is gated by bit 28 of [r30+0] (the controller's flag word). Same
value 0x21 at function entry in both engines. Some code between entry and
loop check sets bit 28 in ours but not in canary. Mem-watch on 0x40d09a40
shows zero guest stores in ours' 50M parallel run — setter is either a
kernel-side store, computed alias, or probe-quantum-elided JIT store.

Phase B classification: Class 3a (state-divergence on controller object).
The vtable is the same; the controller's bit 28 evolves differently during
sub_822F1AA8 setup. Class 4 (synthesis) is now less attractive since we
correctly reach the dispatcher with the right inputs — we just exit too
soon.

Phase C will need either JIT instrumentation to identify the bit-28 setter,
or a kernel-side hook to clear bit 28 on entry to the loop check site.

Findings notes:
- round-A4b-ours-spawn-gate/FINDINGS.md (spawn topology + tid mapping)
- round-A8-ours-822F1AA8-trace/FINDINGS.md (full loop structure + bit-28 gate)

New reading-error class #18: probe-output anchor misframing (singleton[VA]=X
vtable=Y was misread as "Y is canary-only vtable" when Y is the same
.rdata vtable in both engines).

Branch: iterate-2C/silph-ui-spawn-trace off master @ 229b46c.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-11 17:02:20 +02:00

59552 lines
4.8 MiB
Raw Blame History

i> 000000D4 Build: canary_experimental@99fd19d02 on Jun 5 2026
i> 000000D4 Storage root: Z:\home\fabi\RE Project Sylpheed\xenia-canary\build-cross\bin\Windows\Debug
i> 000000D4 ----------- CONFIG DUMP -----------
[APU]
apu = "any"
apu_max_queued_frames = 8
enable_xmp = true
ffmpeg_verbose = false
mute = false
use_dedicated_xma_thread = true
xma_decoder = "new"
[Auditing]
audit_handle_lifecycle = true
audit_jit_prolog_mem_dump = 0
audit_jit_prolog_pc = 2182918192
audit_jit_prolog_r3_bytes = 64
audit_track_event_handle = 0
[CPU]
break_condition_gpr = -1
break_condition_op = "eq"
break_condition_truncate = true
break_condition_value = 0
break_on_debugbreak = true
break_on_instruction = 0
break_on_start = false
break_on_unimplemented_instructions = true
clock_no_scaling = false
clock_source_raw = false
cpu = "any"
debug_symbol_loader = false
debugprint_trap_log = false
disable_context_promotion = false
disable_instruction_infocache = false
disable_prefetch_and_cachecontrol = true
disassemble_functions = false
dump_translated_hir_functions = false
elide_e0_check = false
emit_inline_mmio_checks = false
emit_mmio_aware_stores_for_recorded_exception_addresses = true
emit_source_annotations = false
enable_early_precompilation = false
full_optimization_even_with_debug = false
ignore_trap_instructions = true
ignore_undefined_externs = true
inline_loadclock = false
inline_mmio_access = true
load_module_map = ""
no_reserved_ops = false
no_round_to_single = false
permit_float_constant_evaluation = false
pvr = 7407360
record_mmio_access_exceptions = true
store_all_context_values = false
trace_function_coverage = false
trace_function_data = false
trace_function_data_path = ""
trace_function_references = false
trace_functions = false
use_fast_dot_product = false
validate_hir = false
writable_code_segments = false
[Config]
defaults_date = 2026040912
[Content]
license_mask = 0
[D3D12]
d3d12_adapter = -1
d3d12_allow_variable_refresh_rate_and_tearing = true
d3d12_bindless = true
d3d12_break_on_error = false
d3d12_break_on_warning = false
d3d12_debug = false
d3d12_dxbc_disasm = false
d3d12_dxbc_disasm_dxilconv = false
d3d12_pipeline_creation_threads = -1
d3d12_queue_priority = 1
d3d12_submit_on_primary_buffer_end = true
d3d12_tessellation_wireframe = false
[Display]
fullscreen = false
host_present_from_non_ui_thread = true
postprocess_antialiasing = ""
postprocess_dither = true
postprocess_ffx_cas_additional_sharpness = 0
postprocess_ffx_fsr_max_upsampling_passes = 4
postprocess_ffx_fsr_sharpness_reduction = 0.20000000298023224
postprocess_scaling_and_sharpening = ""
present_letterbox = true
present_render_pass_clear = true
present_safe_area_x = 100
present_safe_area_y = 100
[GPU]
anisotropic_override = -1
async_shader_compilation = true
clear_memory_page_state = false
depth_float24_convert_in_pixel_shader = false
depth_float24_round = false
depth_transfer_not_equal_test = true
disassemble_pm4 = false
draw_resolution_scale_x = 1
draw_resolution_scale_y = 1
draw_resolution_scaled_texture_offsets = true
dump_shaders = ""
dxbc_source_map = false
dxbc_switch = true
execute_unclipped_draw_vs_on_cpu = true
execute_unclipped_draw_vs_on_cpu_for_psi_render_backend = true
execute_unclipped_draw_vs_on_cpu_with_scissor = false
force_convert_line_loops_to_strips = false
force_convert_quad_lists_to_triangle_lists = false
force_convert_triangle_fans_to_lists = false
framerate_limit = 0
gamma_render_target_as_unorm16 = true
gpu = "any"
gpu_3d_to_2d_texture = true
gpu_allow_invalid_fetch_constants = true
gpu_allow_invalid_upload_range = false
half_pixel_offset = true
ignore_32bit_vertex_index_support = false
log_guest_driven_gpu_register_written_values = false
log_ringbuffer_kickoff_initiator_bts = false
mrt_edram_used_range_clamp_to_min = true
native_2x_msaa = true
native_stencil_value_output = true
native_stencil_value_output_d3d12_intel = false
no_discard_stencil_in_transfer_pipelines = false
non_seamless_cube_map = true
occlusion_query = "fast"
occlusion_query_fake_lower_threshold = 80
occlusion_query_fake_upper_threshold = 100
occlusion_query_querybatch_range = 0
occlusion_query_saturation = 1
primitive_processor_cache_min_indices = 4096
readback_memexport = false
readback_resolve = "none"
render_target_path_d3d12 = ""
render_target_path_vulkan = ""
resolve_resolution_scale_fill_half_pixel_offset = true
snorm16_render_target_full_range = true
store_shaders = true
target_trace_file = ""
texture_cache_memory_limit_hard = 768
texture_cache_memory_limit_render_to_texture = 24
texture_cache_memory_limit_soft = 384
texture_cache_memory_limit_soft_lifetime = 30
tiled_shared_memory = true
trace_dump_path = ""
trace_gpu_prefix = "scratch/gpu/"
trace_gpu_stream = false
use_fuzzy_alpha_epsilon = false
vsync = true
[General]
allow_game_relative_writes = false
allow_plugins = false
apply_patches = true
controller_hotkeys = false
debug = false
disable_doubleclick_fullscreen = false
discord = true
launch_module = ""
notification_sound_path = ""
priority_class = 0
recent_titles_entry_amount = 10
time_scalar = 1
[HACKS]
ac6_ground_fix = false
[HID]
guide_button = true
hid = "any"
keyboard_mode = 0
keyboard_user_index = 0
left_stick_deadzone_percentage = 0
right_stick_deadzone_percentage = 0
vibration = true
[HID.WinKey]
keybind_a = "0xBA"
keybind_b = "0xDE"
keybind_back = "Z"
keybind_dpad_down = "^S"
keybind_dpad_left = "^A"
keybind_dpad_right = "^D"
keybind_dpad_up = "^W"
keybind_guide = "0x08"
keybind_left_shoulder = "1"
keybind_left_thumb = "F"
keybind_left_thumb_down = "_S"
keybind_left_thumb_left = "_A"
keybind_left_thumb_right = "_D"
keybind_left_thumb_up = "_W"
keybind_left_trigger = "Q I"
keybind_right_shoulder = "3"
keybind_right_thumb = "K"
keybind_right_thumb_down = "0x28"
keybind_right_thumb_left = "0x25"
keybind_right_thumb_right = "0x27"
keybind_right_thumb_up = "0x26"
keybind_right_trigger = "E O"
keybind_start = "X"
keybind_x = "L"
keybind_y = "P"
[Kernel]
allow_avatar_initialization = false
allow_incompatible_title_update = true
apply_title_update = true
cl = ""
console_type = 0
default_achievements_backend = "GPD"
ignore_thread_affinities = true
ignore_thread_priorities = false
kernel_build_version = 1888
kernel_cert_monitor = false
kernel_debug_monitor = false
kernel_display_gamma_power = 2.22222233
kernel_display_gamma_type = 2
kernel_pix = false
staging_mode = false
[Logging]
enable_console = false
flush_log = true
log_file = ""
log_high_frequency_kernel_calls = false
log_level = 2
log_mask = 0
log_string_format_kernel_calls = false
log_to_debugprint = false
log_to_stdout = true
[Memory]
ignore_offset_for_ranged_allocations = false
protect_on_release = false
protect_zero = true
scribble_heap = false
scribble_heap_value = 0
writable_executable_memory = true
[Profiles]
logged_profile_slot_0_xuid = ""
logged_profile_slot_1_xuid = ""
logged_profile_slot_2_xuid = ""
logged_profile_slot_3_xuid = ""
[SDL]
mappings_file = "gamecontrollerdb.txt"
[Storage]
cache_root = ""
content_root = ""
force_mount_devkit = false
mount_cache = true
mount_memory_unit = false
mount_scratch = false
storage_root = ""
[UI]
custom_font_path = ""
font_size = 14
headless = false
imgui_debug = false
profiler_dpi_scaling = false
show_achievement_notification = false
show_profiler = false
storage_selection_dialog = false
window_size_x = 1280
window_size_y = 720
[Video]
avpack = 8
custom_internal_display_resolution_x = 0
custom_internal_display_resolution_y = 0
enable_3d_mode = false
interlaced = false
[Vulkan]
vulkan_allow_present_mode_fifo_relaxed = true
vulkan_allow_present_mode_immediate = true
vulkan_allow_present_mode_mailbox = true
vulkan_device = -1
vulkan_log_debug_messages = true
vulkan_pipeline_creation_threads = -1
vulkan_semaphore_reuse_workaround = false
vulkan_sparse_shared_memory = true
vulkan_validation = false
[Win32]
win32_high_resolution_timer = true
win32_mmcss = true
[x64]
align_all_basic_blocks = 0
delay_via_maybeyield = false
enable_host_guest_stack_synchronization = true
enable_incorrect_roundingmode_behavior = false
enable_rmw_context_merging = false
instrument_call_times = false
max_stackpoints = 65536
x64_extension_mask = -1
xop_arithmetic_right_shifts = false
xop_compares = true
xop_left_shifts = false
xop_right_shifts = false
xop_rotates = false
----------- END OF CONFIG DUMP ----
i> 000000D4 Loaded config: Z:\home\fabi\RE Project Sylpheed\xenia-canary\build-cross\bin\Windows\Debug\xenia-canary.config.toml
i> 000000D4 Content root: Z:\home\fabi\RE Project Sylpheed\xenia-canary\build-cross\bin\Windows\Debug\content
i> 000000D4 Host cache root: Z:\home\fabi\RE Project Sylpheed\xenia-canary\build-cross\bin\Windows\Debug\cache_host
w> 000000D4 Unable to load Japanese font; JP characters will be boxes
w> 000000D4 Unable to load Japanese font; JP characters will be boxes
i> 00000124 Setup: Initializing Memory...
i> 00000124 Setup: Initializing Exports...
i> 00000124 Setup: Initializing Processor...
i> 00000124 Setup: Initializing Audio...
i> 00000124 Setup: Initializing Graphics...
i> 00000124 Setup: Initializing HID...
i> 00000124 winkey: "0x08" binds key 0x8 to controller input GUIDE.
i> 00000124 winkey: "^A" binds key 0x41 to controller input DPAD_LEFT.
i> 00000124 winkey: "^D" binds key 0x44 to controller input DPAD_RIGHT.
i> 00000124 winkey: "^S" binds key 0x53 to controller input DPAD_DOWN.
i> 00000124 winkey: "^W" binds key 0x57 to controller input DPAD_UP.
i> 00000124 winkey: "_A" binds key 0x41 to controller input LEFT_THUMB_LEFT.
i> 00000124 winkey: "_D" binds key 0x44 to controller input LEFT_THUMB_RIGHT.
i> 00000124 winkey: "_S" binds key 0x53 to controller input LEFT_THUMB_DOWN.
i> 00000124 winkey: "_W" binds key 0x57 to controller input LEFT_THUMB_UP.
i> 00000124 winkey: "F" binds key 0x46 to controller input LEFT_THUMB_PRESSED.
i> 00000124 winkey: "0x26" binds key 0x26 to controller input RIGHT_THUMB_UP.
i> 00000124 winkey: "0x28" binds key 0x28 to controller input RIGHT_THUMB_DOWN.
i> 00000124 winkey: "0x27" binds key 0x27 to controller input RIGHT_THUMB_RIGHT.
i> 00000124 winkey: "0x25" binds key 0x25 to controller input RIGHT_THUMB_LEFT.
i> 00000124 winkey: "K" binds key 0x4B to controller input RIGHT_THUMB_PRESSED.
i> 00000124 winkey: "L" binds key 0x4C to controller input X.
i> 00000124 winkey: "0xDE" binds key 0xDE to controller input B.
i> 00000124 winkey: "0xBA" binds key 0xBA to controller input A.
i> 00000124 winkey: "P" binds key 0x50 to controller input Y.
i> 00000124 winkey: "Q" binds key 0x51 to controller input LEFT_TRIGGER.
i> 00000124 winkey: "I" binds key 0x49 to controller input LEFT_TRIGGER.
i> 00000124 winkey: "E" binds key 0x45 to controller input RIGHT_TRIGGER.
i> 00000124 winkey: "O" binds key 0x4F to controller input RIGHT_TRIGGER.
i> 00000124 winkey: "Z" binds key 0x5A to controller input BACK.
i> 00000124 winkey: "X" binds key 0x58 to controller input START.
i> 00000124 winkey: "1" binds key 0x31 to controller input LEFT_SHOULDER.
i> 00000124 winkey: "3" binds key 0x33 to controller input RIGHT_SHOULDER.
i> 000000D4 SDL Version 2.32.2 initialized.
w> 000000D4 SDL GameControllerDB: file 'gamecontrollerdb.txt' does not exist.
i> 00000124 Setup: Initializing VFS...
i> 00000124 PatchDB: Loaded patches for 0 titles
i> 00000124 Setup: Initializing Kernel...
i> 00000124 ProfileManager: Found 0 Profiles
w> 00000124 BaseHeap::AllocFixed attempting commit on unreserved page
w> 00000124 BaseHeap::AllocFixed attempting commit on unreserved page
K> 00000124 AUDIT-HLC XEvent::Set handle=F8000000 kevent_va=00000000 prio=1 lr=00000000
i> 00000124 Setup: Starting graphics_system...
i> 00000124 DXGI adapter: NVIDIA GeForce GTX 1070 Ti (vendor 0x1002, device 0x73DF)
i> 00000124 Direct3D 12 device and OS features:
* Max GPU virtual address bits per resource: 40
* Non-zeroed heap creation: yes
* Pixel-shader-specified stencil reference: no
* Programmable sample positions: tier 0
* Rasterizer-ordered views: yes
* Resource binding: tier 3
* Tiled resources: tier 4
* Unaligned block-compressed textures: yes
i> 00000124 XThread01000010 (1) Stack: 70010000-70030000
i> 00000124 XThread01000014 (2) Stack: 70050000-70070000
i> 00000124 Setup: Starting audio_system...
K> 01000010 XThread::Execute thid 1 (handle=01000010, 'GPU Commands (01000010)', native=00000154, <host>)
K> 01000014 XThread::Execute thid 2 (handle=01000014, 'GPU Frame limiter (01000014)', native=00000158, <host>)
i> 00000124 XThread01000018 (3) Stack: 70090000-700B0000
i> 00000124 XThread0100001C (4) Stack: 700D0000-700F0000
K> 01000018 XThread::Execute thid 3 (handle=01000018, 'XMA Decoder (01000018)', native=00000180, <host>)
K> 0100001C XThread::Execute thid 4 (handle=0100001C, 'Audio Worker (0100001C)', native=00000184, <host>)
i> 000000D4 Checking for XISO
F> 000000D4 DiscImageDevice::Initialize
i> 000000D4 Checking for XISO
F> 000000D4 DiscImageDevice::Initialize
F> 000000D4 DiscImageDevice::Initialize
i> 000000D4 Loading module GAME:\default.xex
F> 000000D4 DiscImageDevice::ResolvePath(\default.xex)
i> 000000D4 Module \Device\Cdrom0\default.xex:
Module Hash: CCF935D24A74E002
Module Flags: 00000001
XEX_MODULE_TITLE
Security Header:
Image Flags: 00000008
XEX_IMAGE_XGD2_MEDIA_ONLY
Load Address: 82000000
Image Size: 00920000
Export Table: 00000000
Optional Header Count: 15
XEX_HEADER_RESOURCE_INFO:
535107D4 828FB900-8291D8CF, 139215b
XEX_HEADER_FILE_FORMAT_INFO:
Info Size: 36
Encryption Type: Normal
Compression Type: Normal
Window Size: 32768
Block Size: 61440
Block Hash: B3 2B D7 D4 EF 96 9A C5 9F D7 77 C6 8A 99 AA 1C BD 87 1C BE 00 90 2E F1 46 3F A3 D7 00 00 00 10
XEX_HEADER_ENTRY_POINT: 824AB748
XEX_HEADER_IMAGE_BASE_ADDRESS: 82000000
XEX_HEADER_IMPORT_LIBRARIES:
xam.xex - 104 imports
Version: 2.0.4552.0
Min Version: 2.0.4552.0
xboxkrnl.exe - 294 imports
Version: 2.0.4552.0
Min Version: 2.0.4552.0
XEX_HEADER_CHECKSUM_TIMESTAMP:
Checksum : 00902EF1
Time Stamp: 463FA3D7 - Tue May 8 00:10:31 2007
XEX_HEADER_ORIGINAL_PE_NAME: default.pe
XEX_HEADER_STATIC_LIBRARIES:
XAPILIB : 2.0.3215.0
D3D9 : 2.0.3215.1
D3DX9 : 2.0.3215.0
XBOXKRNL : 2.0.3215.0
XAUD : 2.0.3215.0
LIBCPMT : 2.0.3215.0
XMP : 2.0.3215.0
XMEDIA : 2.0.3215.0
XONLINE : 2.0.3215.0
XGRAPHC : 2.0.3215.0
X3DAUD : 2.0.3215.1
XACT : 2.0.3215.1
XEX_HEADER_TLS_INFO:
Slot Count: 64
Raw Data Address: 00000000
Data Size: 0
Raw Data Size: 0
XEX_HEADER_DEFAULT_STACK_SIZE: 524288
XEX_HEADER_SYSTEM_FLAGS: 00000400
XEX_SYSTEM_PAL50_INCOMPATIBLE
XEX_HEADER_EXECUTION_INFO:
Media ID: 2D2E2EEB
Title ID: 535107D4
Savegame ID: 535107D4
Disc Number / Total: 1 / 1
XEX_HEADER_GAME_RATINGS:
ESRB: Teen
PEGI: 12+
PEGI-FI: 11+
PEGI - PT: 12+
BBFC: 12+
CERO: Unrated
USK: Approved for children aged 12 and above
OFLC - AU: Parental Guidance
OFLC - NZ: Parental Guidance
KMRB: Unrated
Brazil: Unrated
FPB: 13+
XEX_HEADER_LAN_KEY: E0 3C EA 47 3C AE 06 62 98 8F DB 7F 58 50 12 38
XEX_HEADER_XBOX360_LOGO:
Section Size: 1736
Logo Size: 1728
Sections:
0 RODATA 1 pages 82000000 - 82010000 (65536 bytes)
1 RODATA 1 pages 82010000 - 82020000 (65536 bytes)
2 RODATA 1 pages 82020000 - 82030000 (65536 bytes)
3 RODATA 1 pages 82030000 - 82040000 (65536 bytes)
4 RODATA 1 pages 82040000 - 82050000 (65536 bytes)
5 RODATA 1 pages 82050000 - 82060000 (65536 bytes)
6 RODATA 1 pages 82060000 - 82070000 (65536 bytes)
7 RODATA 1 pages 82070000 - 82080000 (65536 bytes)
8 RODATA 1 pages 82080000 - 82090000 (65536 bytes)
9 RODATA 1 pages 82090000 - 820A0000 (65536 bytes)
10 RODATA 1 pages 820A0000 - 820B0000 (65536 bytes)
11 RODATA 1 pages 820B0000 - 820C0000 (65536 bytes)
12 RODATA 1 pages 820C0000 - 820D0000 (65536 bytes)
13 RODATA 1 pages 820D0000 - 820E0000 (65536 bytes)
14 RODATA 1 pages 820E0000 - 820F0000 (65536 bytes)
15 RODATA 1 pages 820F0000 - 82100000 (65536 bytes)
16 RODATA 1 pages 82100000 - 82110000 (65536 bytes)
17 RODATA 1 pages 82110000 - 82120000 (65536 bytes)
18 RODATA 1 pages 82120000 - 82130000 (65536 bytes)
19 RODATA 1 pages 82130000 - 82140000 (65536 bytes)
20 RODATA 1 pages 82140000 - 82150000 (65536 bytes)
21 CODE 1 pages 82150000 - 82160000 (65536 bytes)
22 CODE 1 pages 82160000 - 82170000 (65536 bytes)
23 CODE 1 pages 82170000 - 82180000 (65536 bytes)
24 CODE 1 pages 82180000 - 82190000 (65536 bytes)
25 CODE 1 pages 82190000 - 821A0000 (65536 bytes)
26 CODE 1 pages 821A0000 - 821B0000 (65536 bytes)
27 CODE 1 pages 821B0000 - 821C0000 (65536 bytes)
28 CODE 1 pages 821C0000 - 821D0000 (65536 bytes)
29 CODE 1 pages 821D0000 - 821E0000 (65536 bytes)
30 CODE 1 pages 821E0000 - 821F0000 (65536 bytes)
31 CODE 1 pages 821F0000 - 82200000 (65536 bytes)
32 CODE 1 pages 82200000 - 82210000 (65536 bytes)
33 CODE 1 pages 82210000 - 82220000 (65536 bytes)
34 CODE 1 pages 82220000 - 82230000 (65536 bytes)
35 CODE 1 pages 82230000 - 82240000 (65536 bytes)
36 CODE 1 pages 82240000 - 82250000 (65536 bytes)
37 CODE 1 pages 82250000 - 82260000 (65536 bytes)
38 CODE 1 pages 82260000 - 82270000 (65536 bytes)
39 CODE 1 pages 82270000 - 82280000 (65536 bytes)
40 CODE 1 pages 82280000 - 82290000 (65536 bytes)
41 CODE 1 pages 82290000 - 822A0000 (65536 bytes)
42 CODE 1 pages 822A0000 - 822B0000 (65536 bytes)
43 CODE 1 pages 822B0000 - 822C0000 (65536 bytes)
44 CODE 1 pages 822C0000 - 822D0000 (65536 bytes)
45 CODE 1 pages 822D0000 - 822E0000 (65536 bytes)
46 CODE 1 pages 822E0000 - 822F0000 (65536 bytes)
47 CODE 1 pages 822F0000 - 82300000 (65536 bytes)
48 CODE 1 pages 82300000 - 82310000 (65536 bytes)
49 CODE 1 pages 82310000 - 82320000 (65536 bytes)
50 CODE 1 pages 82320000 - 82330000 (65536 bytes)
51 CODE 1 pages 82330000 - 82340000 (65536 bytes)
52 CODE 1 pages 82340000 - 82350000 (65536 bytes)
53 CODE 1 pages 82350000 - 82360000 (65536 bytes)
54 CODE 1 pages 82360000 - 82370000 (65536 bytes)
55 CODE 1 pages 82370000 - 82380000 (65536 bytes)
56 CODE 1 pages 82380000 - 82390000 (65536 bytes)
57 CODE 1 pages 82390000 - 823A0000 (65536 bytes)
58 CODE 1 pages 823A0000 - 823B0000 (65536 bytes)
59 CODE 1 pages 823B0000 - 823C0000 (65536 bytes)
60 CODE 1 pages 823C0000 - 823D0000 (65536 bytes)
61 CODE 1 pages 823D0000 - 823E0000 (65536 bytes)
62 CODE 1 pages 823E0000 - 823F0000 (65536 bytes)
63 CODE 1 pages 823F0000 - 82400000 (65536 bytes)
64 CODE 1 pages 82400000 - 82410000 (65536 bytes)
65 CODE 1 pages 82410000 - 82420000 (65536 bytes)
66 CODE 1 pages 82420000 - 82430000 (65536 bytes)
67 CODE 1 pages 82430000 - 82440000 (65536 bytes)
68 CODE 1 pages 82440000 - 82450000 (65536 bytes)
69 CODE 1 pages 82450000 - 82460000 (65536 bytes)
70 CODE 1 pages 82460000 - 82470000 (65536 bytes)
71 CODE 1 pages 82470000 - 82480000 (65536 bytes)
72 CODE 1 pages 82480000 - 82490000 (65536 bytes)
73 CODE 1 pages 82490000 - 824A0000 (65536 bytes)
74 CODE 1 pages 824A0000 - 824B0000 (65536 bytes)
75 CODE 1 pages 824B0000 - 824C0000 (65536 bytes)
76 CODE 1 pages 824C0000 - 824D0000 (65536 bytes)
77 CODE 1 pages 824D0000 - 824E0000 (65536 bytes)
78 CODE 1 pages 824E0000 - 824F0000 (65536 bytes)
79 CODE 1 pages 824F0000 - 82500000 (65536 bytes)
80 CODE 1 pages 82500000 - 82510000 (65536 bytes)
81 CODE 1 pages 82510000 - 82520000 (65536 bytes)
82 CODE 1 pages 82520000 - 82530000 (65536 bytes)
83 CODE 1 pages 82530000 - 82540000 (65536 bytes)
84 CODE 1 pages 82540000 - 82550000 (65536 bytes)
85 CODE 1 pages 82550000 - 82560000 (65536 bytes)
86 CODE 1 pages 82560000 - 82570000 (65536 bytes)
87 CODE 1 pages 82570000 - 82580000 (65536 bytes)
88 CODE 1 pages 82580000 - 82590000 (65536 bytes)
89 CODE 1 pages 82590000 - 825A0000 (65536 bytes)
90 CODE 1 pages 825A0000 - 825B0000 (65536 bytes)
91 CODE 1 pages 825B0000 - 825C0000 (65536 bytes)
92 CODE 1 pages 825C0000 - 825D0000 (65536 bytes)
93 CODE 1 pages 825D0000 - 825E0000 (65536 bytes)
94 CODE 1 pages 825E0000 - 825F0000 (65536 bytes)
95 CODE 1 pages 825F0000 - 82600000 (65536 bytes)
96 CODE 1 pages 82600000 - 82610000 (65536 bytes)
97 CODE 1 pages 82610000 - 82620000 (65536 bytes)
98 CODE 1 pages 82620000 - 82630000 (65536 bytes)
99 CODE 1 pages 82630000 - 82640000 (65536 bytes)
100 CODE 1 pages 82640000 - 82650000 (65536 bytes)
101 CODE 1 pages 82650000 - 82660000 (65536 bytes)
102 CODE 1 pages 82660000 - 82670000 (65536 bytes)
103 CODE 1 pages 82670000 - 82680000 (65536 bytes)
104 CODE 1 pages 82680000 - 82690000 (65536 bytes)
105 CODE 1 pages 82690000 - 826A0000 (65536 bytes)
106 CODE 1 pages 826A0000 - 826B0000 (65536 bytes)
107 CODE 1 pages 826B0000 - 826C0000 (65536 bytes)
108 CODE 1 pages 826C0000 - 826D0000 (65536 bytes)
109 CODE 1 pages 826D0000 - 826E0000 (65536 bytes)
110 CODE 1 pages 826E0000 - 826F0000 (65536 bytes)
111 CODE 1 pages 826F0000 - 82700000 (65536 bytes)
112 CODE 1 pages 82700000 - 82710000 (65536 bytes)
113 CODE 1 pages 82710000 - 82720000 (65536 bytes)
114 CODE 1 pages 82720000 - 82730000 (65536 bytes)
115 CODE 1 pages 82730000 - 82740000 (65536 bytes)
116 CODE 1 pages 82740000 - 82750000 (65536 bytes)
117 CODE 1 pages 82750000 - 82760000 (65536 bytes)
118 CODE 1 pages 82760000 - 82770000 (65536 bytes)
119 CODE 1 pages 82770000 - 82780000 (65536 bytes)
120 CODE 1 pages 82780000 - 82790000 (65536 bytes)
121 CODE 1 pages 82790000 - 827A0000 (65536 bytes)
122 CODE 1 pages 827A0000 - 827B0000 (65536 bytes)
123 CODE 1 pages 827B0000 - 827C0000 (65536 bytes)
124 CODE 1 pages 827C0000 - 827D0000 (65536 bytes)
125 CODE 1 pages 827D0000 - 827E0000 (65536 bytes)
126 CODE 1 pages 827E0000 - 827F0000 (65536 bytes)
127 CODE 1 pages 827F0000 - 82800000 (65536 bytes)
128 CODE 1 pages 82800000 - 82810000 (65536 bytes)
129 CODE 1 pages 82810000 - 82820000 (65536 bytes)
130 CODE 1 pages 82820000 - 82830000 (65536 bytes)
131 CODE 1 pages 82830000 - 82840000 (65536 bytes)
132 CODE 1 pages 82840000 - 82850000 (65536 bytes)
133 CODE 1 pages 82850000 - 82860000 (65536 bytes)
134 CODE 1 pages 82860000 - 82870000 (65536 bytes)
135 RWDATA 1 pages 82870000 - 82880000 (65536 bytes)
136 RWDATA 1 pages 82880000 - 82890000 (65536 bytes)
137 RWDATA 1 pages 82890000 - 828A0000 (65536 bytes)
138 RWDATA 1 pages 828A0000 - 828B0000 (65536 bytes)
139 RWDATA 1 pages 828B0000 - 828C0000 (65536 bytes)
140 RWDATA 1 pages 828C0000 - 828D0000 (65536 bytes)
141 RWDATA 1 pages 828D0000 - 828E0000 (65536 bytes)
142 RWDATA 1 pages 828E0000 - 828F0000 (65536 bytes)
143 RWDATA 1 pages 828F0000 - 82900000 (65536 bytes)
144 RWDATA 1 pages 82900000 - 82910000 (65536 bytes)
145 RWDATA 1 pages 82910000 - 82920000 (65536 bytes)
Imports:
xam - 52 imports
Version: 0.0.4552.32
Min Version: 0.0.4552.32
Total: 52
Known: 100% (52 known, 0 unknown)
Implemented: 98% (51 implemented, 1 unimplemented)
F 82000600 8284DA7C 28C ( 652) XNotifyPositionUI
F 82000604 8284DA8C 2BC ( 700) XamShowSigninUI
F 82000608 8284DA9C 2C1 ( 705) XamShowKeyboardUI
F 8200060C 8284DAAC 2D5 ( 725) !! XamShowGamerCardUIForXUID
F 82000610 8284DABC 2CB ( 715) XamShowDeviceSelectorUI
F 82000614 8284DACC 2D9 ( 729) XamShowDirtyDiscErrorUI
F 82000618 8284DADC 1B3 ( 435) XamTaskShouldExit
F 8200061C 8284DAEC 1B1 ( 433) XamTaskCloseHandle
F 82000620 8284DAFC 1AF ( 431) XamTaskSchedule
F 82000624 8284DB0C 1A4 ( 420) XamLoaderLaunchTitle
F 82000628 8284DB1C 1F7 ( 503) XMsgStartIORequest
F 8200062C 8284DB2C 20E ( 526) XamUserGetName
F 82000630 8284DB3C 210 ( 528) XamUserGetSigninState
F 82000634 8284DB4C 282 ( 642) XamGetSystemVersion
F 82000638 8284DB5C 2F7 ( 759) XamUserCreateStatsEnumerator
F 8200063C 8284DB6C 2EE ( 750) XamUserCreateAchievementEnumerator
F 82000640 8284DB7C 20A ( 522) XamUserGetXUID
F 82000644 8284DB8C 250 ( 592) XamEnumerate
F 82000648 8284DB9C 3CC ( 972) XGetGameRegion
F 8200064C 8284DBAC 190 ( 400) XamInputGetCapabilities
F 82000650 8284DBBC 191 ( 401) XamInputGetState
F 82000654 8284DBCC 192 ( 402) XamInputSetState
F 82000658 8284DBDC 198 ( 408) XamInputGetKeystrokeEx
F 8200065C 8284DBEC 258 ( 600) XamContentCreate
F 82000660 8284DBFC 25B ( 603) XamContentDelete
F 82000664 8284DC0C 25A ( 602) XamContentClose
F 82000668 8284DC1C 260 ( 608) XamContentSetThumbnail
F 8200066C 8284DC2C 262 ( 610) XamContentGetCreator
F 82000670 8284DC3C 25C ( 604) XamContentCreateEnumerator
F 82000674 8284DC4C 265 ( 613) XamContentGetDeviceState
F 82000678 8284DC5C 25E ( 606) XamContentGetDeviceData
F 8200067C 8284DC6C 25F ( 607) XamContentGetDeviceName
F 82000680 8284DC7C 1A0 ( 416) XamEnableInactivityProcessing
F 82000684 8284DC8C 1A1 ( 417) XamResetInactivity
F 82000688 8284DC9C 2DC ( 732) XamShowMessageBoxUIEx
F 8200068C 8284DCAC 3CD ( 973) XGetLanguage
F 82000690 8284DCBC 3CB ( 971) XGetAVPack
F 82000694 8284DCCC 1A9 ( 425) XamLoaderTerminateTitle
F 82000698 8284DCDC 280 ( 640) XamGetExecutionId
F 8200069C 8284E45C 28B ( 651) XNotifyGetNext
F 820006A0 8284E44C 002 ( 2) NetDll_WSACleanup
F 820006A4 8284E43C 001 ( 1) NetDll_WSAStartup
F 820006A8 8284E46C 28A ( 650) XamNotifyCreateListener
F 820006AC 8284E42C 316 ( 790) XamSessionCreateHandle
F 820006B0 8284E41C 317 ( 791) XamSessionRefObjByHandle
F 820006B4 8284E40C 21A ( 538) XamUserWriteProfileSettings
F 820006B8 8284E3FC 219 ( 537) XamUserReadProfileSettings
F 820006BC 8284E3EC 1EA ( 490) XamAlloc
F 820006C0 8284E3DC 1EC ( 492) XamFree
F 820006C4 8284E3CC 3D1 ( 977) XGetVideoMode
F 820006C8 8284E3BC 1F4 ( 500) XMsgInProcessCall
F 820006CC 8284E3AC 1FC ( 508) XMsgStartIORequestEx
xboxkrnl - 152 imports
Version: 0.0.4552.32
Min Version: 0.0.4552.32
Total: 152
Known: 100% (152 known, 0 unknown)
Implemented: 95% (145 implemented, 7 unimplemented)
F 820006D4 8284E1FC 0B4 ( 180) KfReleaseSpinLock
F 820006D8 8284E20C 0B1 ( 177) KfAcquireSpinLock
F 820006DC 8284E21C 1DF ( 479) KiApcNormalRoutineNop
F 820006E0 8284E22C 1B6 ( 438) VdEnableRingBufferRPtrWriteBack
F 820006E4 8284E23C 1C3 ( 451) VdInitializeRingBuffer
F 820006E8 8284E24C 0BE ( 190) MmGetPhysicalAddress
F 820006EC 8284E25C 1D9 ( 473) VdSetSystemCommandBufferGpuIdentifierAddress
F 820006F0 8284E26C 13B ( 315) sprintf
F 820006F4 8284E27C 1B9 ( 441) VdGetCurrentDisplayGamma
V 820006F8 266 ( 614) KeCertMonitorData
F 820006FC 8284E28C 14D ( 333) _vsnprintf
V 82000700 158 ( 344) XboxKrnlVersion
F 82000704 8284E29C 1DC ( 476) VdShutdownEngines
F 82000708 8284E2AC 1CA ( 458) VdQueryVideoMode
F 8200070C 8284E2BC 1BA ( 442) VdGetCurrentDisplayInformation
F 82000710 8284E2CC 1D3 ( 467) VdSetDisplayMode
F 82000714 8284E2DC 1D5 ( 469) VdSetGraphicsInterruptCallback
F 82000718 8284E2EC 1C2 ( 450) VdInitializeEngines
F 8200071C 8284E2FC 1C6 ( 454) VdIsHSIOTrainingSucceeded
F 82000720 8284E30C 1C9 ( 457) VdQueryVideoFlags
F 82000724 8284E31C 1B1 ( 433) VdCallGraphicsNotificationRoutines
V 82000728 1C0 ( 448) VdGpuClockInMHz
F 8200072C 8284E32C 1C5 ( 453) VdInitializeScalerCommandBuffer
F 82000730 8284E33C 269 ( 617) VdRetrainEDRAM
F 82000734 8284E34C 26A ( 618) VdRetrainEDRAMWorker
V 82000738 1C1 ( 449) VdHSIOCalibrationLock
F 8200073C 8284E35C 06B ( 107) KeLockL2
F 82000740 8284E36C 06C ( 108) KeUnlockL2
F 82000744 8284E37C 1C7 ( 455) VdPersistDisplay
F 82000748 8284E38C 25B ( 603) VdSwap
F 8200074C 8284E39C 1BD ( 445) VdGetSystemCommandBuffer
V 82000750 1BE ( 446) VdGlobalDevice
F 82000754 8284E1EC 04D ( 77) KeAcquireSpinLockAtRaisedIrql
F 82000758 8284E1DC 089 ( 137) KeReleaseSpinLockFromRaisedIrql
F 8200075C 8284E1CC 1B4 ( 436) VdEnableDisableClockGating
F 82000760 8284E1BC 13F ( 319) RtlTimeFieldsToTime
F 82000764 8284E1AC 136 ( 310) RtlRaiseException
F 82000768 8284E19C 0EE ( 238) NtQueryVirtualMemory
F 8200076C 8284E18C 11B ( 283) RtlCompareMemoryUlong
F 82000770 8284E17C 066 ( 102) KeGetCurrentProcessType
F 82000774 8284E16C 053 ( 83) KeBugCheckEx
F 82000778 8284E15C 126 ( 294) RtlFillMemoryUlong
V 8200077C 1AE ( 430) ExLoadedCommandLine
F 82000780 8284E14C 05A ( 90) KeDelayExecutionThread
F 82000784 8284E13C 143 ( 323) RtlUnicodeToMultiByteN
F 82000788 8284E12C 0E4 ( 228) NtQueryDirectoryFile
F 8200078C 8284E10C 019 ( 25) ExTerminateThread
F 82000790 8284E0FC 09B ( 155) KeSetCurrentStackPointers
F 82000794 8284E0EC 197 ( 407) XexGetProcedureAddress
F 82000798 8284E0DC 03C ( 60) !! IoDismountVolumeByFileHandle
F 8200079C 8284E0CC 0D9 ( 217) NtDeviceIoControlFile
F 820007A0 8284E0BC 028 ( 40) HalReturnToFirmware
F 820007A4 8284E0AC 003 ( 3) DbgPrint
F 820007A8 8284E09C 140 ( 320) RtlTimeToTimeFields
F 820007AC 8284E08C 0FE ( 254) NtWaitForMultipleObjectsEx
F 820007B0 8284E07C 0F3 ( 243) NtReleaseSemaphore
F 820007B4 8284E06C 0D5 ( 213) NtCreateSemaphore
F 820007B8 8284E05C 084 ( 132) KeQuerySystemTime
F 820007BC 8284E04C 0E8 ( 232) NtQueryInformationFile
F 820007C0 8284E03C 0F7 ( 247) NtSetInformationFile
F 820007C4 8284E02C 0FD ( 253) NtWaitForSingleObjectEx
F 820007C8 8284E01C 0CE ( 206) NtClearEvent
F 820007CC 8284E00C 0F5 ( 245) NtResumeThread
V 820007D0 0AD ( 173) KeTimeStampBundle
F 820007D4 8284DFFC 010 ( 16) ExGetXConfigSetting
V 820007D8 059 ( 89) KeDebugMonitorData
F 820007DC 8284DFEC 097 ( 151) KeSetAffinityThread
F 820007E0 8284DFDC 0FC ( 252) NtSuspendThread
F 820007E4 8284DFCC 081 ( 129) KeQueryBasePriorityThread
V 820007E8 01B ( 27) ExThreadObjectType
F 820007EC 8284DFBC 110 ( 272) ObReferenceObjectByHandle
F 820007F0 8284DFAC 099 ( 153) KeSetBasePriorityThread
F 820007F4 8284DF9C 10B ( 267) ObLookupThreadByThreadId
F 820007F8 8284DF8C 10E ( 270) ObOpenObjectByPointer
F 820007FC 8284DF7C 0DA ( 218) NtDuplicateObject
F 82000800 8284DF6C 101 ( 257) NtYieldExecution
F 82000804 8284DF5C 0F6 ( 246) NtSetEvent
F 82000808 8284DF4C 052 ( 82) KeBugCheck
F 8200080C 8284DF3C 0BC ( 188) MmDeleteKernelStack
F 82000810 8284DF2C 0BB ( 187) MmCreateKernelStack
F 82000814 8284DF1C 0D1 ( 209) NtCreateEvent
F 82000818 8284DF0C 135 ( 309) RtlNtStatusToDosError
F 8200081C 8284DEFC 194 ( 404) XexCheckExecutablePrivilege
F 82000820 8284DEEC 05F ( 95) KeEnterCriticalRegion
F 82000824 8284DEDC 07D ( 125) KeLeaveCriticalRegion
F 82000828 8284DECC 0CC ( 204) NtAllocateVirtualMemory
F 8200082C 8284DEBC 259 ( 601) !! StfsCreateDevice
F 82000830 8284DEAC 103 ( 259) ObCreateSymbolicLink
F 82000834 8284DE9C 25A ( 602) !! StfsControlDevice
F 82000838 8284DE8C 0DB ( 219) NtFlushBuffersFile
F 8200083C 8284DE7C 104 ( 260) ObDeleteSymbolicLink
F 82000840 8284DE6C 105 ( 261) ObDereferenceObject
F 82000844 8284DE5C 0DC ( 220) NtFreeVirtualMemory
F 82000848 8284DE4C 0D2 ( 210) NtCreateFile
F 8200084C 8284DE3C 256 ( 598) XeKeysConsolePrivateKeySign
F 82000850 8284DE2C 0F0 ( 240) NtReadFile
F 82000854 8284DE1C 0FF ( 255) NtWriteFile
F 82000858 8284DE0C 192 ( 402) XeCryptSha
F 8200085C 8284DDFC 257 ( 599) !! XeKeysConsoleSignatureVerification
F 82000860 8284DDEC 015 ( 21) ExRegisterTitleTerminateNotification
F 82000864 8284DDDC 09D ( 157) KeSetEvent
F 82000868 8284DDCC 0B0 ( 176) KeWaitForSingleObject
F 8200086C 8284DDBC 08F ( 143) KeResetEvent
V 82000870 193 ( 403) XexExecutableModuleHandle
F 82000874 8284DDAC 12B ( 299) RtlImageXexHeaderField
F 82000878 8284DD9C 1A5 ( 421) !! __C_specific_handler
F 8200087C 8284DD8C 12C ( 300) RtlInitAnsiString
F 82000880 8284DD7C 0DF ( 223) NtOpenFile
F 82000884 8284DD6C 0CF ( 207) NtClose
F 82000888 8284DD5C 0EF ( 239) NtQueryVolumeInformationFile
F 8200088C 8284DD4C 0C4 ( 196) MmQueryAddressProtect
F 82000890 8284DD3C 0BD ( 189) MmFreePhysicalMemory
F 82000894 8284DD2C 0BA ( 186) MmAllocatePhysicalMemoryEx
F 82000898 8284DD1C 12E ( 302) RtlInitializeCriticalSection
F 8200089C 8284DD0C 130 ( 304) RtlLeaveCriticalSection
F 820008A0 8284DCFC 125 ( 293) RtlEnterCriticalSection
F 820008A4 8284DCEC 12F ( 303) RtlInitializeCriticalSectionAndSpinCount
F 820008A8 8284E11C 00D ( 13) ExCreateThread
F 820008AC 8284E47C 085 ( 133) KeRaiseIrqlToDpcLevel
F 820008B0 8284E48C 0B3 ( 179) KfLowerIrql
F 820008B4 8284E49C 088 ( 136) KeReleaseSemaphore
F 820008B8 8284E4AC 1F8 ( 504) XAudioGetVoiceCategoryVolume
F 820008BC 8284E4BC 1F7 ( 503) XAudioGetVoiceCategoryVolumeChangeMask
F 820008C0 8284E4CC 0AF ( 175) KeWaitForMultipleObjects
F 820008C4 8284E4DC 092 ( 146) KeResumeThread
F 820008C8 8284E4EC 074 ( 116) KeInitializeSemaphore
F 820008CC 8284E4FC 226 ( 550) XMAReleaseContext
F 820008D0 8284E50C 224 ( 548) XMACreateContext
F 820008D4 8284E51C 083 ( 131) KeQueryPerformanceFrequency
F 820008D8 8284E52C 141 ( 321) RtlTryEnterCriticalSection
F 820008DC 8284E53C 0AE ( 174) KeTryToAcquireSpinLockAtRaisedIrql
F 820008E0 8284E54C 1F3 ( 499) XAudioRegisterRenderDriverClient
F 820008E4 8284E55C 1F4 ( 500) XAudioUnregisterRenderDriverClient
F 820008E8 8284E56C 1F5 ( 501) XAudioSubmitRenderDriverFrame
F 820008EC 8284E57C 195 ( 405) XexGetModuleHandle
F 820008F0 8284E58C 147 ( 327) !! RtlUnwind
F 820008F4 8284E59C 152 ( 338) KeTlsAlloc
F 820008F8 8284E5AC 154 ( 340) KeTlsGetValue
F 820008FC 8284E5BC 155 ( 341) KeTlsSetValue
F 82000900 8284E5CC 153 ( 339) KeTlsFree
F 82000904 8284E5DC 119 ( 281) !! RtlCaptureContext
F 82000908 8284E5EC 05D ( 93) KeEnableFpuExceptions
F 8200090C 8284E5FC 0C6 ( 198) MmQueryStatistics
F 82000910 8284E60C 0D7 ( 215) NtCreateTimer
F 82000914 8284E61C 0FA ( 250) NtSetTimerEx
F 82000918 8284E62C 0CD ( 205) NtCancelTimer
F 8200091C 8284E63C 0E7 ( 231) NtQueryFullAttributesFile
F 82000920 8284E64C 127 ( 295) RtlFreeAnsiString
F 82000924 8284E65C 142 ( 322) RtlUnicodeStringToAnsiString
F 82000928 8284E66C 12D ( 301) RtlInitUnicodeString
F 8200092C 8284E67C 133 ( 307) RtlMultiByteToUnicodeN
F 82000930 8284E68C 001 ( 1) DbgBreakPoint
w> 000000D4 GameDatabase: Title doesn't contain XLAST data! Multiplayer functionality might be limited.
i> 000000D4 Title name: PROJECT SYLPHEED
i> 000000D4
-------------------- ACHIEVEMENTS --------------------
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| ID | Title | Description | Type | Gamerscore |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 1 | Space Combat Award | Received after your first space battle in the Glasner Training Area. | Event | 20 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 2 | Schlos Base Defense Award | Received for stopping the missile attack on Schlos Base. | Event | 20 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 3 | Aegis of the People Medal | Received for escorting all 7 refugee ships to safety. | Event | 20 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 4 | TCAF Luna Medal | Received for bravely helping the fleet escape during the invasion of the Matisse System. | Event | 20 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 5 | TCAF Mars Medal | Received for bravery beyond the call of duty during the escape from the Matisse System. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 6 | Soldier's Charm Amulet | Given to you by Raymond as a token of his trust. | Event | 50 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 7 | White Griffons Patch | Received by the commander and pilots of the White Griffon Squadron when it is formed. | Event | 20 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 8 | TCAF Jupiter Medal | Received for bravery during the enemy's attack on the Alberti System. | Event | 30 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 9 | Furious Pursuit Badge | Received for continuing attacks on the enemy and shooting down a large number of ships. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 10 | Solo Aerospace Combat Award | Received for descending into Acheron's atmosphere and engaging in combat alone. | Event | 30 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 11 | Operation Nebula Blaze Award | Received for completing the extremely hazardous Operation Nebula Blaze. | Event | 30 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 12 | Guilty Roses Patch | Received for repelling the Guilty Roses Squadron. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 13 | Super Battleship Slayer Patch | Received for shooting down the second S battleship. | Event | 30 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 14 | TCAF Terra Medal | Received for shielding the fleet and seeing that all ships safely fled the Ingres System. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 15 | Hellfires Patch | Received for repelling the enemy Hellfire Squadron. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 16 | Night Ravens Patch | Received for challenging and eradicating the Night Raven Squadron. | Event | 50 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 17 | Solar System Defense Award | Received for great achievements during the campaign to defend the Solar System. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 18 | Special Operations Medal | Received for heroically destroying the Prometheus Driver. | Event | 40 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 19 | 1,000 Units Destroyed Medal | Received for shooting down 1,000 enemy fighters and attackers in combat. | Event | 30 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 20 | 10,000 Units Destroyed Medal | Received for shooting down 10,000 enemy fighters and attackers in combat. | Event | 70 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 21 | Ship Hunter Award | Received for shooting down 100 enemy warships in combat. | Event | 50 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 22 | Gigaton Club Patch | Received for shooting down enemy vessels with a total weight of one gigaton. | Event | 70 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 23 | Weapon Lord Patch | Received after you collect all usable equipment for the Delta Saber. | Event | 80 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
| 24 | TCAF Pilot's Commendation | Commemmorates you as one of the greatest pilots in history. | Event | 100 |
+----+-------------------------------+-------------------------------------------------------------------------------------------+-------+------------+
i> 000000D4
-------------------- PROPERTIES --------------------
+----------+------------------+-------------+-----------+
| ID | Name | Matchmaking | Data Size |
+----------+------------------+-------------+-----------+
| 10000006 | Killed Aircrafts | False | 4 |
+----------+------------------+-------------+-----------+
| 10000008 | Equipments | False | 4 |
+----------+------------------+-------------+-----------+
| 1000000A | Clear Time | False | 4 |
+----------+------------------+-------------+-----------+
| 1000000B | Killed Warships | False | 4 |
+----------+------------------+-------------+-----------+
| 10008001 | Rank | False | 4 |
+----------+------------------+-------------+-----------+
| 1000800A | | False | 4 |
+----------+------------------+-------------+-----------+
| 1000800B | | False | 4 |
+----------+------------------+-------------+-----------+
| 20000005 | Killed Weight | False | 8 |
+----------+------------------+-------------+-----------+
| 20000007 | Clear Time | False | 8 |
+----------+------------------+-------------+-----------+
| 20000009 | Earned Points | False | 8 |
+----------+------------------+-------------+-----------+
| 40008002 | Gamer Name | False | 2 |
+----------+------------------+-------------+-----------+
i> 000000D4
-------------------- CONTEXTS --------------------
+----------+-------------+-------------+---------------+-----------+
| ID | Name | Matchmaking | Default Value | Max Value |
+----------+-------------+-------------+---------------+-----------+
| 00000000 | Game Stage | False | 0 | 28 |
+----------+-------------+-------------+---------------+-----------+
| 00000001 | Game Status | False | 0 | 9 |
+----------+-------------+-------------+---------------+-----------+
| 00008001 | | False | 0 | 0 |
+----------+-------------+-------------+---------------+-----------+
| 0000800A | Game Type | True | 0 | 1 |
+----------+-------------+-------------+---------------+-----------+
| 0000800B | | True | 0 | 0 |
+----------+-------------+-------------+---------------+-----------+
i> 000000D4
-------------------- STATS VIEWS --------------------
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| ID | View Type | Name | Skilled | Arbitrated | Hidden | Team View | Online Only |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000001 | Leaderboard | Time Attack (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000002 | Leaderboard | Score Attack (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000003 | Leaderboard | Extra 1 (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000004 | Leaderboard | Extra 1 (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000005 | Leaderboard | Extra 2 (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000006 | Leaderboard | Extra 2 (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000007 | Leaderboard | Extra 3 (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000008 | Leaderboard | Extra 3 (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 00000009 | Leaderboard | Extra 4 (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 0000000A | Leaderboard | Extra 4 (Permanent) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 0000000C | Leaderboard | Time Attack (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| 0000000D | Leaderboard | Score Attack (Monthly) | False | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
| FFFF0000 | Leaderboard | | True | False | False | False | False |
+----------+-------------+--------------------------+---------+------------+--------+-----------+-------------+
i> 000000D4
-------------------- PRESENCE MODES --------------------
+---------------+----------------+------------------+
| Context Value | Contexts Count | Properties Count |
+---------------+----------------+------------------+
| 0 | 2 | 0 |
+---------------+----------------+------------------+
i> 000000D4 XThread01000020 (5) Stack: 70110000-70130000
i> 000000D4 KernelState: Launching module...
i> 000000D4 XThreadF8000008 (6) Stack: 70150000-701D0000
K> 01000020 XThread::Execute thid 5 (handle=01000020, 'Kernel Dispatch (01000020)', native=00000190, <host>)
i> 01000010 Loaded 7 shaders from storage
i> 01000010 Loaded 4 pipeline descriptions, 8 shader translations needed
K> F8000008 XThread::Execute thid 6 (handle=F8000008, 'Main XThread (F8000008)', native=00000194)
K> F8000008 AUDIT-HLC XThread::Execute tid=6 start_address=824AB748 start_context=00000000 xapi=00000000
i> 01000010 Translated 7 shaders in 3 ms
i> 01000010 Pipeline cache loaded: 4 created, 0 already exist, 4 total stored
i> 01000010 Pipeline creation took 0 milliseconds
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800000C type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800000C kevent_va=30029018 lr=824A9F6C
F> F8000008 NullDevice::ResolvePath()
F> F8000008 NullDevice::ResolvePath()
F> F8000008 NullDevice::ResolvePath()
!> F8000008 undefined extern call to 8284E0DC IoDismountVolumeByFileHandle
F> F8000008 NullDevice::ResolvePath()
i> F8000008 Got xam task args: v1 = 02080002, v2 = 00000000
i> F8000008 XThreadF8000010 (7) Stack: 701F0000-70270000
K> F8000010 XThread::Execute thid 7 (handle=F8000010, 'XThread01B8 (F8000010)', native=000001B8)
K> F8000010 AUDIT-HLC XThread::Execute tid=7 start_address=824A93C8 start_context=828A28F0 xapi=00000000
F> F8000010 NullDevice::ResolvePath()
w> F8000010 Game is attempting to allocate devkit debug memory (base: 00000000, size: 000FF000). Ignoring debug flag and using normal allocation.
!> F8000010 undefined extern call to 8284DEBC StfsCreateDevice
K> F8000010 AUDIT-HLC KeSetEvent guest_ptr=8287094C lr=824A95D0
K> F8000010 AUDIT-HLC XEvent::Set handle=F8000014 kevent_va=00000000 prio=1 lr=824A95D0
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000020 type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000020 kevent_va=3002F018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=82181830 start_ctx=828F3D08 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=821817FC
i> F8000008 XThreadF8000024 (8) Stack: 70290000-702B0000
K> F8000024 XThread::Execute thid 8 (handle=F8000024, 'XThread01BC (F8000024)', native=000001BC)
K> F8000024 AUDIT-HLC XThread::Execute tid=8 start_address=82181830 start_context=828F3D08 xapi=824AFF88
K> F8000024 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000020 alertable=0 lr=824AC578 guest_lr=824AFFC4
F> F8000008 HostPathDevice::ResolvePath()
K> F8000008 AUDIT-HLC ExCreateThread entry=8245A5D0 start_ctx=828F4838 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=824592B4
i> F8000008 XThreadF800002C (9) Stack: 702D0000-702E0000
K> F800002C XThread::Execute thid 9 (handle=F800002C, 'XThread01C0 (F800002C)', native=000001C0)
K> F800002C AUDIT-HLC XThread::Execute tid=9 start_address=8245A5D0 start_context=828F4838 xapi=824AFF88
F> F800002C HostPathDevice::ResolvePath()
F> F800002C HostPathDevice::ResolvePath()
F> F8000008 HostPathDevice::ResolvePath(\d4ea4615\e\46ee8ca)
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000034 kevent_va=00000000 prio=1 lr=8245ADEC
F> F8000008 HostPathDevice::ResolvePath(\d4ea4615\e)
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800003C type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800003C kevent_va=3003B018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000040 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000040 kevent_va=3003D018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=82450A28 start_ctx=828F3B68 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=82450034
i> F8000008 XThreadF8000048 (A) Stack: 70300000-70340000
K> F8000048 XThread::Execute thid 10 (handle=F8000048, 'XThread01C4 (F8000048)', native=000001C4)
K> F8000048 AUDIT-HLC XThread::Execute tid=10 start_address=82450A28 start_context=828F3B68 xapi=824AFF88
K> F8000008 AUDIT-HLC NtDuplicateObject src=F800003C dst=F800004C options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F800003C alertable=0 lr=824AC578 guest_lr=82452E64
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000050 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000050 kevent_va=30045018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000050 kevent_va=30045018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000050 kevent_va=30045018 prio=0 lr=824AAFC8
!> F800002C BaseHeap::Release failed because address is not a region start
!> F800002C PhysicalHeap::Release failed due to parent heap failure
F> F800002C HostPathDevice::ResolvePath()
F> F800002C HostPathDevice::ResolvePath()
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F800004C lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F800003C kevent_va=3003B018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800003C result=00000000 lr=824AC578 guest_lr=82452E64
!> F800002C BaseHeap::Release failed because address is not a region start
!> F800002C PhysicalHeap::Release failed due to parent heap failure
K> F800002C AUDIT-HLC NtWaitForSingleObjectEx handle=F8000028 alertable=0 lr=824AC578 guest_lr=824AFFC4
!> F8000008 BaseHeap::Release failed because address is not a region start
!> F8000008 PhysicalHeap::Release failed due to parent heap failure
!> F8000008 BaseHeap::Release failed because address is not a region start
!> F8000008 PhysicalHeap::Release failed due to parent heap failure
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\8\3421153)
F> F8000008 DiscImageDevice::ResolvePath(\dat)
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9\355f2f8)
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9)
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000038 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000038 kevent_va=3003B018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtDuplicateObject src=F8000038 dst=F800003C options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=82452E64
K> F8000048 AUDIT-HLC NtCreateEvent handle=F800004C type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F800004C kevent_va=30045018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F800004C kevent_va=30045018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F800004C kevent_va=30045018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F800004C type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F800004C kevent_va=30045018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000050 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000050 kevent_va=30047018 lr=824A9F6C
K> F8000048 AUDIT-HLC ExCreateThread entry=82457EF0 start_ctx=828F3B08 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=82457EA0
i> F8000048 XThreadF8000058 (B) Stack: 70360000-70370000
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx handle=F800004C alertable=0 lr=824AC578 guest_lr=8245148C
K> F8000058 XThread::Execute thid 11 (handle=F8000058, 'XThread01C8 (F8000058)', native=000001C8)
K> F8000058 AUDIT-HLC XThread::Execute tid=11 start_address=82457EF0 start_context=828F3B08 xapi=824AFF88
K> F8000058 AUDIT-HLC NtSetEvent handle=F800004C lr=824AA304 guest_lr=82457F18
K> F8000058 AUDIT-HLC XEvent::Set handle=F800004C kevent_va=30045018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800004C result=00000000 lr=824AC578 guest_lr=8245148C
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F800003C lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=3003B018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=82452E64
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000038 type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000038 kevent_va=30045018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=824CD458 start_ctx=BE56BB3C xapi=00000000 flags=04000080 lr=824CD984 guest_lr=824C1AD8
i> F8000008 XThreadF800004C (C) Stack: 70390000-703A0000
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC singleton[0x828E1F08]=BC22C910 vtable=820A183C vtable[0]=82175330 vtable[24]=82175378
K> F800004C XThread::Execute thid 12 (handle=F800004C, 'XThread01CC (F800004C)', native=000001CC)
K> F800004C AUDIT-HLC XThread::Execute tid=12 start_address=824CD458 start_context=BE56BB3C xapi=00000000
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
i> F8000008 Hardware scaler: width ratio 1:1, height ratio 1:1, final aspect ratio 16:9
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
i> 01000010 Selecting rep movs vastcpy.
K> F8000008 AUDIT-HLC JitProlog pc=822F1AA8 tid=00000006 r3=BCE24A40 r4=00000000 r5=00000000 r6=02D00000 r7=00000000 r8=02D00500 r9=00000000 r10=00000000 lr=8216EE14
K> F8000008 AUDIT-HLC JitProlog pc=822F1AA8 r3+00: 00000021 00000001 BE568F00 BC65CA00
K> F8000008 AUDIT-HLC JitProlog pc=822F1AA8 r3+10: BC65C980 BC65C9C0 BC65CA40 00000000
K> F8000008 AUDIT-HLC JitProlog pc=822F1AA8 r3+20: 00000000 00000000 00000000 00000000
K> F8000008 AUDIT-HLC JitProlog pc=822F1AA8 r3+30: 00000000 00000000 00000006 00000000
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000060 type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000060 kevent_va=30053018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000064 type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000064 kevent_va=30055018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=822F1EE0 start_ctx=BCE24A40 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=822F1B0C
i> F8000008 XThreadF8000068 (D) Stack: 703C0000-70440000
K> F8000068 XThread::Execute thid 13 (handle=F8000068, 'XThread01D0 (F8000068)', native=000001D0)
K> F8000068 AUDIT-HLC XThread::Execute tid=13 start_address=822F1EE0 start_context=BCE24A40 xapi=824AFF88
F> F8000008 HostPathDevice::ResolvePath(\aab216c3\a\2c8c185)
F> F8000008 HostPathDevice::ResolvePath(\aab216c3\a)
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000070 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000070 kevent_va=3005B018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtDuplicateObject src=F8000070 dst=F8000074 options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000070 alertable=0 lr=824AC578 guest_lr=82452E64
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000078 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000078 kevent_va=3005D018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000078 kevent_va=3005D018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=3005D018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000078 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000078 kevent_va=3005D018 lr=824A9F6C
K> F8000048 AUDIT-HLC XEvent::Set handle=F800007C kevent_va=00000000 prio=1 lr=8245802C
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000078 alertable=0 lr=824AC578 guest_lr=8245148C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000058 AUDIT-HLC NtSetEvent handle=F8000078 lr=824AA304 guest_lr=82457F18
K> F8000058 AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=3005D018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000078 result=00000000 lr=824AC578 guest_lr=8245148C
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000074 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000070 kevent_va=3005B018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000070 result=00000000 lr=824AC578 guest_lr=82452E64
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9\73a5c0a)
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9)
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000070 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000070 kevent_va=3005B018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtDuplicateObject src=F8000070 dst=F8000074 options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000070 alertable=0 lr=824AC578 guest_lr=82452E64
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000078 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000078 kevent_va=3005D018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000078 kevent_va=3005D018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=3005D018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000078 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000078 kevent_va=3005D018 lr=824A9F6C
K> F8000048 AUDIT-HLC XEvent::Set handle=F800007C kevent_va=00000000 prio=1 lr=8245802C
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000078 alertable=0 lr=824AC578 guest_lr=8245148C
K> F8000058 AUDIT-HLC NtSetEvent handle=F8000078 lr=824AA304 guest_lr=82457F18
K> F8000058 AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=3005D018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000078 result=00000000 lr=824AC578 guest_lr=8245148C
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000074 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000070 kevent_va=3005B018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000070 result=00000000 lr=824AC578 guest_lr=82452E64
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC ExCreateThread entry=824D2878 start_ctx=00000000 xapi=00000000 flags=10000001 lr=824D2E68 guest_lr=824D059C
i> F8000008 XThreadF8000070 (E) Stack: 70460000-704E0000
K> F8000008 AUDIT-HLC ExCreateThread entry=824D2940 start_ctx=00000000 xapi=00000000 flags=20000001 lr=824D2E68 guest_lr=824D059C
i> F8000008 XThreadF8000074 (F) Stack: 70500000-70580000
K> F8000070 XThread::Execute thid 14 (handle=F8000070, 'XThread01D4 (F8000070)', native=000001D4)
K> F8000070 AUDIT-HLC XThread::Execute tid=14 start_address=824D2878 start_context=00000000 xapi=00000000
K> F8000074 XThread::Execute thid 15 (handle=F8000074, 'XThread01D8 (F8000074)', native=000001D8)
K> F8000074 AUDIT-HLC XThread::Execute tid=15 start_address=824D2940 start_context=00000000 xapi=00000000
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
i> F8000008 AudioSystem::RegisterClient: driver created for index=0, driver=0x746db2010040
i> F8000008 AudioSystem::RegisterClient: client 0 registered successfully
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000088 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000088 kevent_va=30064018 lr=824A9F6C
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9\39a9dcc)
F> F8000008 HostPathDevice::ResolvePath(\69d8e45c\9)
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000088 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000090 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000090 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000090 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=30066018 prio=0 lr=824AAFC8
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtDuplicateObject src=F8000088 dst=F8000090 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000090 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000088 kevent_va=30064018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000088 result=00000000 lr=824AC578 guest_lr=8245FA10
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000088 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000088 kevent_va=30064018 lr=824A9F6C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
F> F8000008 DiscImageDevice::ResolvePath(\dat)
K> F8000008 AUDIT-HLC NtDuplicateObject src=F8000088 dst=F8000090 options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000090 lr=824AA304 guest_lr=82460078
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000088 kevent_va=30064018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000088 alertable=0 lr=824AC578 guest_lr=82460150
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000088 result=00000000 lr=824AC578 guest_lr=82460150
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000088 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000088 kevent_va=30064018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtDuplicateObject src=F8000088 dst=F8000090 options=00000002 lr=824AA3B4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000088 alertable=0 lr=824AC578 guest_lr=82179148
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30066018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30066018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30066018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000090 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000088 kevent_va=30064018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000088 result=00000000 lr=824AC578 guest_lr=82179148
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E8E68
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC ExCreateThread entry=82178950 start_ctx=828F3EC0 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=82178F08
i> F8000008 XThreadF8000088 (10) Stack: 705A0000-705B0000
K> F8000088 XThread::Execute thid 16 (handle=F8000088, 'XThread01EC (F8000088)', native=000001EC)
K> F8000088 AUDIT-HLC XThread::Execute tid=16 start_address=82178950 start_context=828F3EC0 xapi=824AFF88
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000094 alertable=0 lr=824AC578 guest_lr=82173BD4
K> F8000068 AUDIT-HLC NtSetEvent handle=F8000094 lr=824AA304 guest_lr=822F1FC8
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000094 result=00000000 lr=824AC578 guest_lr=82173BD4
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000038 lr=824AA304 guest_lr=82173BF0
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=30045018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=821748F0 start_ctx=BC365700 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=82174828
i> F8000008 XThreadF8000098 (11) Stack: 705D0000-70650000
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000098 alertable=0 lr=824AC578 guest_lr=822F1B50
K> F8000098 XThread::Execute thid 17 (handle=F8000098, 'XThread01F0 (F8000098)', native=000001F0)
K> F8000098 AUDIT-HLC XThread::Execute tid=17 start_address=821748F0 start_context=BC365700 xapi=824AFF88
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000098 AUDIT-HLC NtCreateEvent handle=F800009C type=1 initial_state=1 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F800009C kevent_va=3006E018 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000A0 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000A0 kevent_va=30070018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\aab216c3\5\ee70e0a)
F> F8000098 HostPathDevice::ResolvePath(\aab216c3\5)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000A0 dst=F80000A8 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000A0 alertable=0 lr=824AC578 guest_lr=821CBAE0
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000AC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000AC kevent_va=30072018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000AC kevent_va=30072018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000AC kevent_va=30072018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000AC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000AC kevent_va=30072018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC XEvent::Set handle=F800007C kevent_va=00000000 prio=1 lr=8245802C
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000AC alertable=0 lr=824AC578 guest_lr=8245148C
K> F8000058 AUDIT-HLC NtSetEvent handle=F80000AC lr=824AA304 guest_lr=82457F18
K> F8000058 AUDIT-HLC XEvent::Set handle=F80000AC kevent_va=30072018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000AC result=00000000 lr=824AC578 guest_lr=8245148C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000A8 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000A0 kevent_va=30070018 prio=0 lr=824AA304
K> F8000098 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000A0 result=00000000 lr=824AC578 guest_lr=821CBAE0
K> F8000098 AUDIT-HLC ExCreateThread entry=821C4AD0 start_ctx=BCA44C00 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=821C4F64
i> F8000098 XThreadF80000A0 (12) Stack: 70670000-70680000
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F80000A0 XThread::Execute thid 18 (handle=F80000A0, 'XThread01F4 (F80000A0)', native=000001F4)
K> F80000A0 AUDIT-HLC XThread::Execute tid=18 start_address=821C4AD0 start_context=BCA44C00 xapi=824AFF88
K> F80000A0 AUDIT-HLC ExCreateThread entry=822C6870 start_ctx=828F3300 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=822C66F4
i> F80000A0 XThreadF80000A8 (13) Stack: 706A0000-706D0000
K> F80000A0 AUDIT-HLC ExCreateThread entry=822C6870 start_ctx=828F3300 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=822C66F4
i> F80000A0 XThreadF80000AC (14) Stack: 706F0000-70720000
K> F80000A8 XThread::Execute thid 19 (handle=F80000A8, 'XThread01F8 (F80000A8)', native=000001F8)
K> F80000A8 AUDIT-HLC XThread::Execute tid=19 start_address=822C6870 start_context=828F3300 xapi=824AFF88
K> F80000AC XThread::Execute thid 20 (handle=F80000AC, 'XThread01FC (F80000AC)', native=000001FC)
K> F80000AC AUDIT-HLC XThread::Execute tid=20 start_address=822C6870 start_context=828F3300 xapi=824AFF88
K> F80000A8 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000A4 alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F80000AC AUDIT-HLC NtWaitForSingleObjectEx handle=F80000A4 alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\c\dba806e)
F> F8000098 HostPathDevice::ResolvePath(\87719002\c)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000B8 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000BC type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000BC kevent_va=30080018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\c\ec0a96e)
F> F8000098 HostPathDevice::ResolvePath(\87719002\c)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000BC dst=F80000C4 options=00000002 lr=824AA3B4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000C8 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000C8 kevent_va=30082018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\a\60fcb85)
F> F8000098 HostPathDevice::ResolvePath(\87719002\a)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000C8 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000D4 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000D4 kevent_va=30084018 lr=824A9F6C
K> F80000A0 AUDIT-HLC XEvent::Set handle=F80000D8 kevent_va=00000000 prio=1 lr=8244F5AC
K> F8000098 AUDIT-HLC XEvent::Set handle=F80000D8 kevent_va=00000000 prio=1 lr=8244F684
K> F80000A0 AUDIT-HLC XEvent::Set handle=F80000D8 kevent_va=00000000 prio=1 lr=8244F684
F> F80000A0 DiscImageDevice::ResolvePath(\hidden\Resource3D)
F> F8000098 HostPathDevice::ResolvePath(\87719002\2\85d8849)
F> F8000098 HostPathDevice::ResolvePath(\87719002\2)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000D4 dst=F80000E4 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000E8 type=1 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30086018 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000E8 dst=F80000EC options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E8 alertable=0 lr=824AC578 guest_lr=822DFCC8
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000F0 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000F0 kevent_va=30088018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\a\715f485)
F> F8000098 HostPathDevice::ResolvePath(\87719002\a)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000F0 dst=F80000F8 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtCreateEvent handle=F80000FC type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F80000FC kevent_va=3008A018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\c\f2a8ccd)
F> F8000098 HostPathDevice::ResolvePath(\87719002\c)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F80000FC dst=F8000104 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtCreateEvent handle=F8000108 type=0 initial_state=0 lr=824A9F6C
K> F8000098 AUDIT-HLC NtCreateEvent_inner handle=F8000108 kevent_va=3008C018 lr=824A9F6C
F> F8000098 HostPathDevice::ResolvePath(\87719002\0\1a2db9c)
F> F8000098 HostPathDevice::ResolvePath(\87719002\0)
K> F8000098 AUDIT-HLC NtDuplicateObject src=F8000108 dst=F8000110 options=00000002 lr=824AA3B4
K> F8000098 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000F0 alertable=0 lr=824AC578 guest_lr=821C515C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000114 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000114 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000114 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000114 kevent_va=3008E018 prio=0 lr=824AAFC8
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000B8 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000C4 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000BC kevent_va=30080018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000C8 kevent_va=30082018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000E4 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D4 kevent_va=30084018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000EC lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E8 result=00000000 lr=824AC578 guest_lr=822DFCC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B4 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B4 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000E8 dst=F80000B4 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E8 alertable=0 lr=824AC578 guest_lr=822DFE24
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3008E018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3008E018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3008E018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000F8 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000F0 kevent_va=30088018 prio=0 lr=824AA304
K> F8000098 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000F0 result=00000000 lr=824AC578 guest_lr=821C515C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000104 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000FC kevent_va=3008A018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000098 result=00000000 lr=824AC578 guest_lr=822F1B50
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000110 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000108 kevent_va=3008C018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=30088018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=30088018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=30088018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000094 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000094 kevent_va=30068018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000094 kevent_va=30068018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000B4 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E8 result=00000000 lr=824AC578 guest_lr=822DFE24
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000E8 dst=F8000094 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E8 alertable=0 lr=824AC578 guest_lr=822DFED0
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000B4 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000B4 kevent_va=30068018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=824563E0 start_ctx=828F3E70 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=82456A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
i> F8000008 XThreadF80000C0 (15) Stack: 705D0000-705E0000
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000C4 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F80000C0 XThread::Execute thid 21 (handle=F80000C0, 'XThread0200 (F80000C0)', native=00000200)
K> F80000C0 AUDIT-HLC XThread::Execute tid=21 start_address=824563E0 start_context=828F3E70 xapi=824AFF88
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000C4 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000B8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000B8 kevent_va=3006A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000B8 kevent_va=3006A018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B8 kevent_va=3006A018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000094 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E8 result=00000000 lr=824AC578 guest_lr=822DFED0
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000094 type=1 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000094 kevent_va=3006A018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=82170430 start_ctx=828F4070 xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=82170260
i> F8000008 XThreadF80000B8 (16) Stack: 70600000-70610000
K> F80000B8 XThread::Execute thid 22 (handle=F80000B8, 'XThread0204 (F80000B8)', native=00000204)
K> F80000B8 AUDIT-HLC XThread::Execute tid=22 start_address=82170430 start_context=828F4070 xapi=824AFF88
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000CC type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000CC kevent_va=30086018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000CC alertable=0 lr=824AC578 guest_lr=82172BC8
K> F8000068 AUDIT-HLC NtSetEvent handle=F80000CC lr=824AA304 guest_lr=822F1FC8
K> F8000068 AUDIT-HLC XEvent::Set handle=F80000CC kevent_va=30086018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000CC result=00000000 lr=824AC578 guest_lr=82172BC8
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=822F1FC8
K> F80000B8 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000094 alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
F> F80000A0 DiscImageDevice::ResolvePath(\hidden\Resource3D)
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000D0 type=1 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000D0 dst=F80000DC options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000D0 alertable=0 lr=824AC578 guest_lr=822DFCC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000DC lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000D0 result=00000000 lr=824AC578 guest_lr=822DFCC8
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000D0 dst=F80000DC options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000D0 alertable=0 lr=824AC578 guest_lr=822DFE24
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000E4 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000E4 kevent_va=30096018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000DC lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000D0 result=00000000 lr=824AC578 guest_lr=822DFE24
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000D0 dst=F80000DC options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000D0 alertable=0 lr=824AC578 guest_lr=822DFED0
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E0 kevent_va=30094018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E0 kevent_va=30094018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E0 kevent_va=30094018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000EC type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000EC kevent_va=3009A018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC ExCreateThread entry=823DDE30 start_ctx=828F3C4C xapi=824AFF88 flags=00000000 lr=824AC5F0 guest_lr=823DDDB4
i> F8000008 XThreadF80000F4 (17) Stack: 70630000-70640000
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F80000F4 XThread::Execute thid 23 (handle=F80000F4, 'XThread0208 (F80000F4)', native=00000208)
K> F80000F4 AUDIT-HLC XThread::Execute tid=23 start_address=823DDE30 start_context=828F3C4C xapi=824AFF88
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000E8 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000E8 kevent_va=30098018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000F8 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000F8 kevent_va=300A2018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000E8 kevent_va=30098018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000E8 kevent_va=30098018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC ExCreateThread entry=823DDB50 start_ctx=828F3C88 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=823DD924
i> F8000008 XThreadF80000E8 (18) Stack: 70740000-707C0000
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=823DDB50 start_ctx=828F3C88 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=823DD924
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
i> F8000008 XThreadF8000110 (19) Stack: 707E0000-70860000
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F80000E8 XThread::Execute thid 24 (handle=F80000E8, 'XThread020C (F80000E8)', native=0000020C)
K> F80000E8 AUDIT-HLC XThread::Execute tid=24 start_address=823DDB50 start_context=828F3C88 xapi=824AFF88
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000110 XThread::Execute thid 25 (handle=F8000110, 'XThread0210 (F8000110)', native=00000210)
K> F8000110 AUDIT-HLC XThread::Execute tid=25 start_address=823DDB50 start_context=828F3C88 xapi=824AFF88
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000038 lr=824AA304 guest_lr=82172DF4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=30045018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300A8018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300A8018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300A8018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000DC lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000D0 result=00000000 lr=824AC578 guest_lr=822DFED0
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=821CC19C
K> F8000068 AUDIT-HLC NtSetEvent handle=F80000B0 lr=824AA304 guest_lr=822F1FC8
K> F8000068 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=821CC19C
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=822F1FC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
F> F80000A0 DiscImageDevice::ResolvePath(\hidden\Resource3D)
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000CC type=1 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000CC kevent_va=3007E018 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000CC dst=F80000D0 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000CC alertable=0 lr=824AC578 guest_lr=822DFCC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000CC kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000CC result=00000000 lr=824AC578 guest_lr=822DFCC8
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000CC dst=F80000D0 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000CC alertable=0 lr=824AC578 guest_lr=822DFE24
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000CC kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000CC result=00000000 lr=824AC578 guest_lr=822DFE24
K> F80000A0 AUDIT-HLC NtDuplicateObject src=F80000CC dst=F80000D0 options=00000002 lr=824AA3B4
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000CC alertable=0 lr=824AC578 guest_lr=822DFED0
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000DC kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000CC kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000CC result=00000000 lr=824AC578 guest_lr=822DFED0
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\f\ca5c62e)
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\d\14ba3f8)
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\d)
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000D0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000D0 kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AAFC8
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
!> F8000048 BaseHeap::Release failed because address is not a region start
!> F8000048 PhysicalHeap::Release failed due to parent heap failure
K> F8000048 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=8245FA10
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\8\14c242d)
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\5\6324af0)
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\5)
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000D0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000D0 kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=8245FA10
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\d\70a9531)
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\a\c9606f9)
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\a)
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000D0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000D0 kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=8245FA10
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\7\9f2d535)
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\4\efaecd1)
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\4)
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000D0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000D0 kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=8245FA10
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\7\0c3bba2)
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F80000A0 AUDIT-HLC NtCreateEvent handle=F80000B0 type=0 initial_state=0 lr=824A9F6C
K> F80000A0 AUDIT-HLC NtCreateEvent_inner handle=F80000B0 kevent_va=3007E018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\4\59fbfe8)
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
F> F80000A0 HostPathDevice::ResolvePath(\69d8e45c\4)
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000B0 alertable=0 lr=824AC578 guest_lr=8245FA10
K> F8000048 AUDIT-HLC NtCreateEvent handle=F80000D0 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=30086018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F80000D0 kevent_va=30086018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000D0 kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtDuplicateObject src=F80000B0 dst=F80000D0 options=00000002 lr=824AA3B4
K> F8000048 AUDIT-HLC NtSetEvent handle=F80000D0 lr=824AA304 guest_lr=82460EC0
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=3007E018 prio=0 lr=824AA304
K> F80000A0 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000B0 result=00000000 lr=824AC578 guest_lr=8245FA10
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000038 lr=824AA304 guest_lr=821CC1B8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=30045018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=822F1FC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000008 AUDIT-HLC XEvent::Set handle=F80000B0 kevent_va=00000000 prio=1 lr=823DF714
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827EED8C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827ED704
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827ED908
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827ECBB8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E9C9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E9C9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E9C9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F800009C alertable=0 lr=824AC578 guest_lr=823DEF4C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800009C result=00000000 lr=824AC578 guest_lr=823DEF4C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800009C lr=824AA304 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800009C kevent_va=3006E018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000BC type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000BC kevent_va=3007E018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000BC alertable=0 lr=824AC578 guest_lr=821CC19C
K> F8000068 AUDIT-HLC NtSetEvent handle=F80000BC lr=824AA304 guest_lr=822F1FC8
K> F8000068 AUDIT-HLC XEvent::Set handle=F80000BC kevent_va=3007E018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000BC result=00000000 lr=824AC578 guest_lr=821CC19C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000038 lr=824AA304 guest_lr=821CC1B8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=30045018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F800009C alertable=0 lr=824AC578 guest_lr=823DEF4C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800009C result=00000000 lr=824AC578 guest_lr=823DEF4C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800009C lr=824AA304 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800009C kevent_va=3006E018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000BC type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000BC kevent_va=3007E018 lr=824A9F6C
K> F8000008 AUDIT-HLC ExCreateThread entry=821748F0 start_ctx=BC368FA0 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=82174828
i> F8000008 XThreadF80000CC (1A) Stack: 70880000-70900000
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F80000CC XThread::Execute thid 26 (handle=F80000CC, 'XThread0214 (F80000CC)', native=00000214)
K> F80000CC AUDIT-HLC XThread::Execute tid=26 start_address=821748F0 start_context=BC368FA0 xapi=824AFF88
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F80000CC AUDIT-HLC NtCreateEvent handle=F80000D0 type=1 initial_state=1 lr=824A9F6C
K> F80000CC AUDIT-HLC NtCreateEvent_inner handle=F80000D0 kevent_va=300A8018 lr=824A9F6C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F80000CC AUDIT-HLC NtCreateEvent handle=F80000DC type=0 initial_state=0 lr=824A9F6C
K> F80000CC AUDIT-HLC NtCreateEvent_inner handle=F80000DC kevent_va=300B0018 lr=824A9F6C
F> F80000CC HostPathDevice::ResolvePath(\aab216c3\5\c10eae6)
F> F80000CC HostPathDevice::ResolvePath(\aab216c3\5)
K> F80000CC AUDIT-HLC NtDuplicateObject src=F80000DC dst=F8000114 options=00000002 lr=824AA3B4
K> F80000CC AUDIT-HLC NtWaitForSingleObjectEx handle=F80000DC alertable=0 lr=824AC578 guest_lr=821CBAE0
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000118 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000118 kevent_va=300B2018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=300B2018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000118 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000118 kevent_va=300B2018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000118 alertable=0 lr=824AC578 guest_lr=8245148C
K> F8000058 AUDIT-HLC NtSetEvent handle=F8000118 lr=824AA304 guest_lr=82457F18
K> F8000058 AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=300B2018 prio=0 lr=824AA304
K> F8000048 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000118 result=00000000 lr=824AC578 guest_lr=8245148C
K> F8000048 AUDIT-HLC NtSetEvent handle=F8000114 lr=824AA304 guest_lr=82450DF4
K> F8000048 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=300B0018 prio=0 lr=824AA304
K> F80000CC AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000DC result=00000000 lr=824AC578 guest_lr=821CBAE0
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000088 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000088 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
F> F8000088 DiscImageDevice::ResolvePath(\dat)
K> F8000088 AUDIT-HLC NtDuplicateObject src=F8000104 dst=F8000118 options=00000002 lr=824AA3B4
K> F8000088 AUDIT-HLC NtSetEvent handle=F8000118 lr=824AA304 guest_lr=82460078
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000104 alertable=0 lr=824AC578 guest_lr=82460150
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000104 result=00000000 lr=824AC578 guest_lr=82460150
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000048 AUDIT-HLC NtCreateEvent handle=F8000104 type=0 initial_state=0 lr=824A9F6C
K> F8000048 AUDIT-HLC NtCreateEvent_inner handle=F8000104 kevent_va=300B0018 lr=824A9F6C
K> F8000048 AUDIT-HLC NtReadFile_signal_event handle=F8000104 kevent_va=300B0018 lr=824AAFC8
K> F8000048 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=300B0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D11A0
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D08C0
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000088 AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=82178D9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F80000CC AUDIT-HLC XEvent::Set handle=F80000DC kevent_va=00000000 prio=1 lr=8217C6F4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000E0 alertable=0 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000E0 result=00000000 lr=824AC578 guest_lr=821C7D3C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtCreateEvent handle=F80000BC type=0 initial_state=0 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F80000BC kevent_va=3007E018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F80000BC alertable=0 lr=824AC578 guest_lr=82172BC8
K> F8000068 AUDIT-HLC NtSetEvent handle=F80000BC lr=824AA304 guest_lr=822F1FC8
K> F8000068 AUDIT-HLC XEvent::Set handle=F80000BC kevent_va=3007E018 prio=0 lr=824AA304
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000038 alertable=0 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F80000BC result=00000000 lr=824AC578 guest_lr=82172BC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
F> F8000008 DiscImageDevice::ResolvePath(\dat\movie)
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000118 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000118 kevent_va=30080018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800011C type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800011C kevent_va=30086018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000120 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000120 kevent_va=300B0018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000124 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000124 kevent_va=300B2018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000128 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000128 kevent_va=300B4018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800012C type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800012C kevent_va=300B6018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000130 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000130 kevent_va=300B8018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000134 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000134 kevent_va=300BA018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
F> F8000008 DiscImageDevice::ResolvePath(\dat\movie)
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800013C type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800013C kevent_va=300BC018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000140 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000140 kevent_va=300BE018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000144 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000144 kevent_va=300C0018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000148 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000148 kevent_va=300C2018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F800014C type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F800014C kevent_va=300C4018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000150 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000150 kevent_va=300C6018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000154 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000154 kevent_va=300C8018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent handle=F8000158 type=0 initial_state=1 lr=824A9F6C
K> F8000008 AUDIT-HLC NtCreateEvent_inner handle=F8000158 kevent_va=300CA018 lr=824A9F6C
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000008 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC ExCreateThread entry=82506528 start_ctx=BCE25340 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=824F7B24
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
i> F8000008 XThreadF800015C (1B) Stack: 70880000-70890000
K> F8000008 AUDIT-HLC ExCreateThread entry=82506558 start_ctx=BCE25340 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=824F7B24
i> F8000008 XThreadF8000160 (1C) Stack: 708B0000-708C0000
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC ExCreateThread entry=82506588 start_ctx=BCE25340 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=824F7B24
i> F8000008 XThreadF8000164 (1D) Stack: 708E0000-708F0000
K> F8000008 AUDIT-HLC ExCreateThread entry=825065B8 start_ctx=BCE25340 xapi=824AFF88 flags=00000001 lr=824AC5F0 guest_lr=824F7B24
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
i> F8000008 XThreadF8000168 (1E) Stack: 70910000-70920000
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D09C4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D08C0
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D091C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000038 lr=824AA304 guest_lr=82172DF4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000038 kevent_va=30045018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000068 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000038 result=00000000 lr=824AC578 guest_lr=822F1FC8
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE25404 lr=82507ABC
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000178 kevent_va=00000000 prio=1 lr=82507ABC
K> F8000160 XThread::Execute thid 28 (handle=F8000160, 'XThread021C (F8000160)', native=0000021C)
K> F8000160 AUDIT-HLC XThread::Execute tid=28 start_address=82506558 start_context=BCE25340 xapi=824AFF88
K> F800015C XThread::Execute thid 27 (handle=F800015C, 'XThread0218 (F800015C)', native=00000218)
K> F800015C AUDIT-HLC XThread::Execute tid=27 start_address=82506528 start_context=BCE25340 xapi=824AFF88
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000164 XThread::Execute thid 29 (handle=F8000164, 'XThread0220 (F8000164)', native=00000220)
K> F8000164 AUDIT-HLC XThread::Execute tid=29 start_address=82506588 start_context=BCE25340 xapi=824AFF88
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827ED1E4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E9C9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000164 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D0978
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000140 kevent_va=300BE018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000140 kevent_va=300BE018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000144 kevent_va=300C0018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000144 kevent_va=300C0018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000090 kevent_va=00000000 prio=1 lr=827E843C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000148 kevent_va=300C2018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000148 kevent_va=300C2018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800014C kevent_va=300C4018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800014C kevent_va=300C4018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000150 kevent_va=300C6018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000150 kevent_va=300C6018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000154 kevent_va=300C8018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000154 kevent_va=300C8018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F8000158 kevent_va=300CA018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F8000158 kevent_va=300CA018 prio=0 lr=824AAFC8
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D08C0
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000088 AUDIT-HLC XEvent::Set handle=F8000104 kevent_va=00000000 prio=1 lr=824D0868
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000160 AUDIT-HLC NtReadFile_signal_event handle=F800013C kevent_va=300BC018 lr=824AAFC8
K> F8000160 AUDIT-HLC XEvent::Set handle=F800013C kevent_va=300BC018 prio=0 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800012C kevent_va=300B6018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800012C kevent_va=300B6018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000130 kevent_va=300B8018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000130 kevent_va=300B8018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000134 kevent_va=300BA018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000134 kevent_va=300BA018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000118 kevent_va=30080018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000118 kevent_va=30080018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F800011C kevent_va=30086018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F800011C kevent_va=30086018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000120 kevent_va=300B0018 lr=824AAFC8
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F800015C AUDIT-HLC XEvent::Set handle=F8000120 kevent_va=300B0018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000124 kevent_va=300B2018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000124 kevent_va=300B2018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC NtReadFile_signal_event handle=F8000128 kevent_va=300B4018 lr=824AAFC8
K> F800015C AUDIT-HLC XEvent::Set handle=F8000128 kevent_va=300B4018 prio=0 lr=824AAFC8
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000160 AUDIT-HLC KeSetEvent guest_ptr=BCE253C4 lr=82506F9C
K> F8000160 AUDIT-HLC XEvent::Set handle=F800017C kevent_va=00000000 prio=1 lr=82506F9C
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE25394 lr=82508510
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000188 kevent_va=00000000 prio=1 lr=82508510
K> F8000074 AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82508524
K> F8000074 AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82508524
K> 01000014 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=0 cpu=2
K> 01000014 AUDIT-HLC NtSetEvent handle=F8000060 lr=824AA304 guest_lr=824BEAAC
K> 01000014 AUDIT-HLC XEvent::Set handle=F8000060 kevent_va=30053018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F8000060 result=00000000 lr=824AC578 guest_lr=8216EE14
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> F8000008 AUDIT-HLC NtSetEvent handle=F800000C lr=824AA304 guest_lr=822F1D5C
K> F8000008 AUDIT-HLC XEvent::Set handle=F800000C kevent_va=30029018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtSetEvent handle=F8000064 lr=824AA304 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx_done handle=F800000C result=00000000 lr=824AC578 guest_lr=824AFFC4
K> F8000008 AUDIT-HLC XEvent::Set handle=F8000064 kevent_va=30055018 prio=0 lr=824AA304
K> F8000008 AUDIT-HLC NtWaitForSingleObjectEx handle=F8000060 alertable=0 lr=824AC578 guest_lr=8216EE14
K> F8000088 AUDIT-HLC NtWaitForSingleObjectEx handle=F800000C alertable=0 lr=824AC578 guest_lr=824AFFC4
K> F800015C AUDIT-HLC KeSetEvent guest_ptr=BCE253B4 lr=82506C90
K> F800015C AUDIT-HLC XEvent::Set handle=F8000184 kevent_va=00000000 prio=1 lr=82506C90
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> 01000010 AUDIT-HLC EmulateCPInterruptDPC callback=824BE9A0 data=BE568F00 source=1 cpu=2
K> F8000068 AUDIT-HLC KeSetEvent guest_ptr=BCE253A4 lr=82508358
K> F8000068 AUDIT-HLC XEvent::Set handle=F8000180 kevent_va=00000000 prio=1 lr=82508358
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
K> 0100001C AUDIT-HLC KeSetEvent guest_ptr=828A3254 lr=824D2A44
K> 0100001C AUDIT-HLC XEvent::Set handle=F8000078 kevent_va=00000000 prio=1 lr=824D2A44
K> F8000070 AUDIT-HLC KeSetEvent guest_ptr=828A3244 lr=824D292C
K> F8000070 AUDIT-HLC XEvent::Set handle=F8000080 kevent_va=00000000 prio=1 lr=824D292C
Reference in New Issue View Git Blame Copy Permalink