L2T worker exceeds 2GB cap, kills worker and then spins off more workers than defined at CML until process hangs.


Description of problem:

Log2Timeline chokes on a specific VSS artifact, kills the worker and spins up many more workers than defined on the command line. The system crashes after memory fills up to the maximum.

Command line and arguments:

log2timeline.py --workers 4 --status_view window --logfile /data/l2t_!PRIVACY!.log /data/!PRIVACY!.plaso /data/Evidence/!Privacy!.E01

Source data:

Microsoft Windows-based E01 image file with multiple partitions and one VSS. The image is stored on a Windows-based Samba file share, and the directory containing the E01 image file is mounted using Cifs Utils on an Ubuntu 18.04 server. This mount is mounted again in the Plaso Docker container.

Plaso version:

20190331

Operating system Plaso is running on:

Docker based Plaso instance pulled from Docker hub. Docker is running on Ubuntu 18.04 Bionic

Installation method:

Docker based Plaso instance pulled from Docker hub. Docker is running on Ubuntu 18.04 Bionic

Debug output/tracebacks:

It seems Worker_01 chokes on MRT-KB890830.exe and gets killed. Multiple new workers get spun off after that. See below (traceback at bottom):

Source type             : storage media image
Processing time         : 09:49:30

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69812

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537782 (10)
Worker_00       27      running         1.8 GiB         50182 (0)       74502 (0)       VSS1:TSK:/Windows/System32/MrmDeploy.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (5)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      extracting      1.8 GiB         69361 (0)       78477 (4)       VSS1:TSK:/Windows/System32/MrmCoreR.dll
Worker_03       33      running         1.9 GiB         44389 (0)       254160 (5)      VSS1:TSK:/Windows/System32/MrmIndexer.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:31

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69813

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537787 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74502 (0)       VSS1:TSK:/Windows/System32/MrmDeploy.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (1)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254160 (0)      VSS1:TSK:/Windows/System32/MrmIndexer.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:31

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69814

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537792 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74507 (5)       VSS1:TSK:/Windows/System32/mrt_map.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      idle            1.9 GiB         44389 (0)       254165 (5)      VSS1:TSK:/Windows/System32/MrmIndexer.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:32

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69815

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537797 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74507 (0)       VSS1:TSK:/Windows/System32/mrt_map.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254165 (0)      VSS1:TSK:/Windows/System32/XboxNetApiSvc.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:32

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69816

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537802 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74512 (5)       VSS1:TSK:/Windows/System32/xcopy.exe
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254165 (0)      VSS1:TSK:/Windows/System32/XboxNetApiSvc.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:33

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69817

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537807 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74512 (0)       VSS1:TSK:/Windows/System32/xcopy.exe
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254170 (5)      VSS1:TSK:/Windows/System32/XInput1_4.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:33

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69817

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537807 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74512 (0)       VSS1:TSK:/Windows/System32/xcopy.exe
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254170 (0)      VSS1:TSK:/Windows/System32/XInput1_4.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:34

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69818

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537812 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74517 (5)       VSS1:TSK:/Windows/System32/XInput9_1_0.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254170 (0)      VSS1:TSK:/Windows/System32/XInput1_4.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:34

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69819

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537817 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74517 (0)       VSS1:TSK:/Windows/System32/XInput9_1_0.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254175 (5)      VSS1:TSK:/Windows/System32/XInputUap.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:35

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69820

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537822 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74522 (5)       VSS1:TSK:/Windows/System32/xmlfilter.dll
Worker_01       29      running         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      running         1.8 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254175 (0)      VSS1:TSK:/Windows/System32/XInputUap.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:35

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69820

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537822 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74522 (0)       VSS1:TSK:/Windows/System32/xmlfilter.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      extracting      1.9 GiB         44389 (0)       254179 (4)      VSS1:TSK:/Windows/System32/XInputUap.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:36

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69821

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537827 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74522 (0)       VSS1:TSK:/Windows/System32/xmlfilter.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254180 (1)      VSS1:TSK:/Windows/System32/xmllite.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:36

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69822

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537832 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74527 (5)       VSS1:TSK:/Windows/System32/xmlprovi.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254180 (0)      VSS1:TSK:/Windows/System32/xmllite.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:37

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69823

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537837 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74527 (0)       VSS1:TSK:/Windows/System32/xmlprovi.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254185 (5)      VSS1:TSK:/Windows/System32/xolehlp.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:37

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69824

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537842 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74532 (5)       VSS1:TSK:/Windows/System32/XpsDocumentTargetPrint.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254185 (0)      VSS1:TSK:/Windows/System32/xolehlp.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:38

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69824

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537842 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74532 (0)       VSS1:TSK:/Windows/System32/XpsDocumentTargetPrint.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254185 (0)      VSS1:TSK:/Windows/System32/xolehlp.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:38

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69825

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537847 (5)
Worker_00       27      extracting      1.8 GiB         50182 (0)       74536 (4)       VSS1:TSK:/Windows/System32/XpsDocumentTargetPrint.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254190 (5)      VSS1:TSK:/Windows/System32/XpsFilt.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:39

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69826

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537852 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74537 (1)       VSS1:TSK:/Windows/System32/XpsGdiConverter.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254190 (0)      VSS1:TSK:/Windows/System32/XpsFilt.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:40

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69826

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537852 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74537 (0)       VSS1:TSK:/Windows/System32/XpsGdiConverter.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254190 (0)      VSS1:TSK:/Windows/System32/XpsFilt.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:40

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69828

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537862 (10)
Worker_00       27      running         1.8 GiB         50182 (0)       74542 (5)       VSS1:TSK:/Windows/System32/XpsRasterService.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254195 (5)      VSS1:TSK:/Windows/System32/XpsPrint.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:41

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69828

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537862 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74542 (0)       VSS1:TSK:/Windows/System32/XpsRasterService.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254195 (0)      VSS1:TSK:/Windows/System32/XpsPrint.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:41

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69828

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537862 (0)
Worker_00       27      idle            1.8 GiB         50182 (0)       74547 (5)       VSS1:TSK:/Windows/System32/XpsRasterService.dll
Worker_01       29      hashing         1.9 GiB         134042 (0)      130647 (0)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254195 (0)      VSS1:TSK:/Windows/System32/XpsPrint.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:42

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69830

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537872 (10)
Worker_00       27      running         1.8 GiB         50182 (0)       74547 (0)       VSS1:TSK:/Windows/System32/xpsrchvw.exe
Worker_01       29      extracting      2.0 GiB         134042 (0)      130651 (4)      VSS1:TSK:/Windows/System32/MRT-KB890830.exe
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254200 (5)      VSS1:TSK:/Windows/System32/xpsrchvw.xml
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:43

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   4               0               0               69830

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537872 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74547 (0)       VSS1:TSK:/Windows/System32/xpsrchvw.exe
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254200 (0)      VSS1:TSK:/Windows/System32/xpsrchvw.xml
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:43

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69835

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537881 (9)
Worker_00       27      running         1.8 GiB         50182 (0)       74552 (5)       VSS1:TSK:/Windows/System32/xwizards.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      hashing         1.9 GiB         69361 (0)       78478 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254204 (4)      VSS1:TSK:/Windows/System32/xwizard.dtd
Worker_04       44      running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:44

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69835

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537881 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74552 (0)       VSS1:TSK:/Windows/System32/xwizards.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (4)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254204 (0)      VSS1:TSK:/Windows/System32/xwizard.dtd
Worker_04       44      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:44

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69835

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537881 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74552 (0)       VSS1:TSK:/Windows/System32/xwizards.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      extracting      1.9 GiB         44389 (0)       254208 (4)      VSS1:TSK:/Windows/System32/xwizard.dtd
Worker_04       44      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:45

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69837

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537890 (9)
Worker_00       27      running         1.8 GiB         50182 (0)       74557 (5)       VSS1:TSK:/Windows/System32/xwtpw32.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254208 (0)      VSS1:TSK:/Windows/System32/xwtpdui.dll
Worker_04       44      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:45

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69837

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537890 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74557 (0)       VSS1:TSK:/Windows/System32/xwtpw32.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254208 (0)      VSS1:TSK:/Windows/System32/xwtpdui.dll
Worker_04       44      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:46

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69839

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537900 (10)
Worker_00       27      running         1.8 GiB         50182 (0)       74562 (5)       VSS1:TSK:/Windows/System32/zipcontainer.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254213 (5)      VSS1:TSK:/Windows/System32/ztrace_maps.dll
Worker_04       44      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:46

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   7               0               0               69839

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537900 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74562 (0)       VSS1:TSK:/Windows/System32/zipcontainer.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254213 (0)      VSS1:TSK:/Windows/System32/ztrace_maps.dll
Worker_04       44      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/XPSSHHDR.dll
Worker_05       46      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwizard.exe
Worker_06       48      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/xwreg.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:48

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10008   6               0               0               69847

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537914 (14)
Worker_00       27      running         1.8 GiB         50182 (0)       74571 (9)       VSS1:TSK:/Windows/System32/AcLayers.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254213 (0)      VSS1:TSK:/Windows/System32/ztrace_maps.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:49

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   15              0               0               69851

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537919 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74571 (0)       VSS1:TSK:/Windows/System32/AcLayers.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254223 (10)     VSS1:TSK:/Windows/System32/acmigration.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AboveLockAppHost.dll
Worker_08       58      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accessibilitycpl.dll
Worker_09       60      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accountaccessor.dll
Worker_10       62      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AccountsRt.dll
Worker_11       66      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AcGenral.dll
Worker_12       70      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acledit.dll
Worker_13       74      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/aclui.dll
Worker_14       78      running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/ACPBackgroundManagerPolicy.dll
Worker_15       82      initialized     1.8 GiB         0 (0)           0 (0)
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:49

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   16              0               0               69852

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537919 (0)
Worker_00       27      running         1.8 GiB         50182 (0)       74571 (0)       VSS1:TSK:/Windows/System32/AcLayers.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254223 (0)      VSS1:TSK:/Windows/System32/acmigration.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AboveLockAppHost.dll
Worker_08       58      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accessibilitycpl.dll
Worker_09       60      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accountaccessor.dll
Worker_10       62      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AccountsRt.dll
Worker_11       66      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AcGenral.dll
Worker_12       70      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acledit.dll
Worker_13       74      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/aclui.dll
Worker_14       78      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/ACPBackgroundManagerPolicy.dll
Worker_15       82      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acppage.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:50

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10002   16              0               0               69853

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537924 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74576 (5)       VSS1:TSK:/Windows/System32/acproxy.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254223 (0)      VSS1:TSK:/Windows/System32/acmigration.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      killed          0 B             0 (0)           0 (0)
Worker_08       58      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accessibilitycpl.dll
Worker_09       60      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/accountaccessor.dll
Worker_10       62      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AccountsRt.dll
Worker_11       66      running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AcGenral.dll
Worker_12       70      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acledit.dll
Worker_13       74      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/aclui.dll
Worker_14       78      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/ACPBackgroundManagerPolicy.dll
Worker_15       82      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acppage.dll
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:54

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10011   17              0               0               69867

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537944 (20)
Worker_00       27      running         1.8 GiB         50182 (0)       74581 (5)       VSS1:TSK:/Windows/System32/adhapi.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254228 (5)      VSS1:TSK:/Windows/System32/ActionCenterCPL.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      killed          0 B             0 (0)           0 (0)
Worker_08       58      killed          0 B             0 (0)           0 (0)
Worker_09       60      killed          0 B             0 (0)           0 (0)
Worker_10       62      killed          0 B             0 (0)           0 (0)
Worker_11       66      killed          0 B             0 (0)           0 (0)
Worker_12       70      running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/AcXtrnal.dll
Worker_13       74      extracting      2.1 GiB         0 (0)           4 (4)           VSS1:TSK:/Windows/System32/aclui.dll
Worker_14       78      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/ACPBackgroundManagerPolicy.dll
Worker_15       82      running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/acppage.dll
Worker_16       92      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AcSpecfc.dll
Worker_17       94      running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/ActionCenter.dll
Worker_18       96      initialized     1.8 GiB         0 (0)           0 (0)
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:49:58

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10014   25              0               0               69888

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      537994 (50)
Worker_00       27      running         1.8 GiB         50182 (0)       74581 (0)       VSS1:TSK:/Windows/System32/adhapi.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      extracting      2.0 GiB         69361 (0)       78482 (0)       VSS1:TSK:/Windows/System32/MRT.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254233 (5)      VSS1:TSK:/Windows/System32/qwave.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      killed          0 B             0 (0)           0 (0)
Worker_08       58      killed          0 B             0 (0)           0 (0)
Worker_09       60      killed          0 B             0 (0)           0 (0)
Worker_10       62      killed          0 B             0 (0)           0 (0)
Worker_11       66      killed          0 B             0 (0)           0 (0)
Worker_12       70      killed          0 B             0 (0)           5 (5)
Worker_13       74      killed          0 B             0 (0)           4 (4)
Worker_14       78      killed          0 B             0 (0)           0 (0)
Worker_15       82      killed          0 B             0 (0)           0 (0)
Worker_16       92      extracting      2.1 GiB         0 (0)           9 (9)           VSS1:TSK:/Windows/System32/R4EEP64A.dll
Worker_17       94      running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/rasctrs.dll
Worker_18       96      idle            2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/rasadhlp.dll
Worker_19       104     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/raschapext.dll
Worker_20       106     idle            2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/adprovider.dll
Worker_21       108     idle            2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/adsldp.dll
Worker_22       110     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/AdvancedEmojiDS.dll
Worker_23       112     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/R4EEA64A.dll
Worker_24       116     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/R4EED64A.dll
Worker_25       122     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/R4EEG64A.dll
Worker_26       126     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/R4EEL64A.dll
Worker_27       130     running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/RacEngn.dll
Worker_28       132     initialized     1.8 GiB         0 (0)           0 (0)
Worker_29       138     initialized     1.8 GiB         0 (0)           0 (0)
Worker_30       140     initialized     1.8 GiB         0 (0)           0 (0)
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:50:10

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10041   24              0               0               69946

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      538152 (158)
Worker_00       27      running         1.8 GiB         50182 (0)       74586 (5)       VSS1:TSK:/Windows/System32/RADCUI.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      running         2.0 GiB         69361 (0)       78483 (1)       VSS1:TSK:/Windows/System32/rasdial.exe
Worker_03       33      running         1.9 GiB         44389 (0)       254238 (5)      VSS1:TSK:/Windows/System32/rasauto.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      killed          0 B             0 (0)           0 (0)
Worker_08       58      killed          0 B             0 (0)           0 (0)
Worker_09       60      killed          0 B             0 (0)           0 (0)
Worker_10       62      killed          0 B             0 (0)           0 (0)
Worker_11       66      killed          0 B             0 (0)           0 (0)
Worker_12       70      killed          0 B             0 (0)           5 (5)
Worker_13       74      killed          0 B             0 (0)           4 (4)
Worker_14       78      killed          0 B             0 (0)           0 (0)
Worker_15       82      killed          0 B             0 (0)           0 (0)
Worker_16       92      killed          0 B             0 (0)           9 (9)
Worker_17       94      killed          0 B             0 (0)           10 (10)
Worker_18       96      killed          0 B             0 (0)           10 (10)
Worker_19       104     killed          0 B             0 (0)           5 (5)
Worker_20       106     killed          0 B             0 (0)           5 (5)
Worker_21       108     killed          0 B             0 (0)           5 (5)
Worker_22       110     killed          0 B             0 (0)           0 (0)
Worker_23       112     killed          0 B             0 (0)           0 (0)
Worker_24       116     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/CoreMmRes.dll
Worker_25       122     killed          0 B             0 (0)           0 (0)
Worker_26       126     extracting      2.1 GiB         0 (0)           14 (14)         VSS1:TSK:/Windows/System32/CoreShell.dll
Worker_27       130     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/RacEngn.dll
Worker_28       132     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/radardt.dll
Worker_29       138     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/radarrs.dll
Worker_30       140     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rasapi32.dll
Worker_31       148     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rasautou.exe
Worker_32       152     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/raschap.dll
Worker_33       154     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rasctrnm.h
Worker_34       158     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rascustom.dll
Worker_35       160     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rasdiag.dll
Worker_36       164     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/rasgcw.dll
Worker_37       166     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/gdi32.dll
Worker_38       170     running         1.8 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/gdi32full.dll
Worker_39       174     initialized     1.8 GiB         0 (0)           0 (0)
Worker_40       178     initialized     1.8 GiB         0 (0)           0 (0)
Worker_41       182     initialized     1.8 GiB         0 (0)           0 (0)
Worker_42       184     initialized     1.8 GiB         0 (0)           0 (0)
plaso - log2timeline version 20190331

Source path             : !PRIVACY!.E01
Source type             : storage media image
Processing time         : 09:50:13

Tasks:          Queued  Processing      Merging         Abandoned       Total
                10005   66              0               0               69953

Identifier      PID     Status          Memory          Sources         Events          File
Main            20      running         1.8 GiB         297980 (0)      538157 (5)
Worker_00       27      running         1.8 GiB         50182 (0)       74596 (10)      VSS1:TSK:/Windows/System32/CredDialogBroker.dll
Worker_01       29      killed          0 B             134042 (0)      130651 (4)
Worker_02       31      running         2.0 GiB         69361 (0)       78493 (10)      VSS1:TSK:/Windows/System32/usbmon.dll
Worker_03       33      running         1.9 GiB         44389 (0)       254248 (10)     VSS1:TSK:/Windows/System32/CredProvDataModel.dll
Worker_04       44      killed          0 B             0 (0)           0 (0)
Worker_05       46      killed          0 B             0 (0)           0 (0)
Worker_06       48      killed          0 B             0 (0)           0 (0)
Worker_07       56      killed          0 B             0 (0)           0 (0)
Worker_08       58      killed          0 B             0 (0)           0 (0)
Worker_09       60      killed          0 B             0 (0)           0 (0)
Worker_10       62      killed          0 B             0 (0)           0 (0)
Worker_11       66      killed          0 B             0 (0)           0 (0)
Worker_12       70      killed          0 B             0 (0)           5 (5)
Worker_13       74      killed          0 B             0 (0)           4 (4)
Worker_14       78      killed          0 B             0 (0)           0 (0)
Worker_15       82      killed          0 B             0 (0)           0 (0)
Worker_16       92      killed          0 B             0 (0)           9 (9)
Worker_17       94      killed          0 B             0 (0)           10 (10)
Worker_18       96      killed          0 B             0 (0)           10 (10)
Worker_19       104     killed          0 B             0 (0)           5 (5)
Worker_20       106     killed          0 B             0 (0)           5 (5)
Worker_21       108     killed          0 B             0 (0)           5 (5)
Worker_22       110     killed          0 B             0 (0)           0 (0)
Worker_23       112     killed          0 B             0 (0)           0 (0)
Worker_24       116     killed          0 B             0 (0)           10 (10)
Worker_25       122     killed          0 B             0 (0)           0 (0)
Worker_26       126     killed          0 B             0 (0)           14 (14)
Worker_27       130     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/CredentialMigrationHandler.dll
Worker_28       132     running         2.1 GiB         0 (0)           9 (9)           VSS1:TSK:/Windows/System32/cp_resources.bin
Worker_29       138     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/CPFilters.dll
Worker_30       140     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/crypt32.dll
Worker_31       148     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/UsbTask.dll
Worker_32       152     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/cryptcatsvc.dll
Worker_33       154     running         2.1 GiB         0 (0)           4 (4)           VSS1:TSK:/Windows/System32/Cortana.Persona.dll
Worker_34       158     running         2.1 GiB         0 (0)           10 (10)         VSS1:TSK:/Windows/System32/UserDataPlatformHelperUtil.dll
Worker_35       160     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/CortanaMapiHelper.ProxyStub.dll
Worker_36       164     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/credprovs.dll
Worker_37       166     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/usbperf.dll
Worker_38       170     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/UserDataAccessRes.dll
Worker_39       174     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/credprovhost.dll
Worker_40       178     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/UserAccountControlSettings.dll
Worker_41       182     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/usercpl.dll
Worker_42       184     running         2.1 GiB         0 (0)           5 (5)           VSS1:TSK:/Windows/System32/user32.dll
Worker_43       192     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/Gfxv2_0.exe
Worker_44       198     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/Gfxv4_0.exe.config
Worker_45       204     idle            1.8 GiB         0 (0)           0 (0)
Worker_46       206     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/globinputhost.dll
Worker_47       208     running         2.1 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/gpprnext.dll
Worker_48       210     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/gpupdate.exe
Worker_49       212     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/coredpussvr.exe
Worker_50       216     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CoreMessaging.dll
Worker_51       220     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CoreShellAPI.dll
Worker_52       224     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CoreShellExtFramework.dll
Worker_53       226     running         2.0 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CoreUIComponents.dll
Worker_54       230     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CortanaMapiHelper.dll
Worker_55       236     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CourtesyEngine.dll
Worker_56       240     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CredentialUIBroker.exe
Worker_57       244     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/CredProv2faHelper.dll
Worker_58       250     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/credssp.dll
Worker_59       254     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UsbSettingsHandlers.dll
Worker_60       258     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/usbui.dll
Worker_61       262     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UserAccountBroker.exe
Worker_62       264     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UserAccountControlSettings.exe
Worker_63       268     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UserDataAccountApis.dll
Worker_64       272     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UserDataLanguageUtil.dll
Worker_65       276     running         1.9 GiB         0 (0)           0 (0)           VSS1:TSK:/Windows/System32/UserDataService.dll
Worker_66       278     initialized     1.8 GiB         0 (0)           0 (0)
Worker_67       284     initialized     1.8 GiB         0 (0)           0 (0)
Worker_68       288     initialized     1.8 GiB         0 (0)           0 (0)
Worker_69       292     initialized     1.8 GiB         0 (0)           0 (0)

Exception in thread Status update:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 549, in _StatusUpdateThreadMain
    self._CheckStatusWorkerProcess(pid)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/engine.py", line 181, in _CheckStatusWorkerProcess
    process.name, self._storage_writer)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 518, in _StartWorkerProcess
    process.start()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 130, in start
    self._popen = Popen(self)
  File "/usr/lib/python2.7/multiprocessing/forking.py", line 121, in __init__
    self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory

Traceback (most recent call last):
  File "/usr/bin/log2timeline.py", line 83, in <module>
    if not Main():
  File "/usr/bin/log2timeline.py", line 69, in Main
    tool.ExtractEventsFromSources()
  File "/usr/lib/python2.7/dist-packages/plaso/cli/log2timeline_tool.py", line 450, in ExtractEventsFromSources
    worker_memory_limit=self._worker_memory_limit)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 829, in ProcessSources
    filter_find_specs=filter_find_specs)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 346, in _ProcessSources
    self._ScheduleTasks(storage_writer)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 452, in _ScheduleTasks
    self._MergeTaskStorage(storage_writer)
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 200, in _MergeTaskStorage
    for task_identifier in storage_writer.GetProcessedTaskIdentifiers():
  File "/usr/lib/python2.7/dist-packages/plaso/storage/interface.py", line 1576, in GetProcessedTaskIdentifiers
    for path in os.listdir(self._processed_task_storage_path)]
OSError: [Errno 12] Cannot allocate memory: '/data/tmpVs4t4J/processed'
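A triage helper for the symptom in this report, added here as an example and not part of the original issue or of Plaso: it parses status-view rows in the layout shown above and reports how many live workers exceed the `--workers` value and which sit at or near the memory limit. The sample rows, the `DEAD` status set and the 1.8 GiB warning threshold are assumptions.

```python
import re

# Row layout of the log2timeline status view quoted in the issue.
ROW = re.compile(
    r"^(?P<name>Worker_\d+)\s+(?P<pid>\d+)\s+(?P<status>\S+)\s+"
    r"(?P<mem>[\d.]+)\s+(?P<unit>B|KiB|MiB|GiB)\s+"
    r"(?P<sources>\d+)\s+\(\d+\)\s+(?P<events>\d+)\s+\(\d+\)(?:\s+(?P<file>\S.*))?$")
TO_GIB = {"B": 2.0 ** -30, "KiB": 2.0 ** -20, "MiB": 2.0 ** -10, "GiB": 1.0}
# Assumption: status strings that mean the worker process is gone.
DEAD = {"killed", "aborted", "completed"}

def parse_status(text):
    """Return one dict per Worker_NN row; all other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["sources"] = int(row["sources"])
        row["mem_gib"] = float(row.pop("mem")) * TO_GIB[row.pop("unit")]
        rows.append(row)
    return rows

def audit(text, configured_workers, warn_gib=1.8):
    """Flag over-spawned workers and workers at or above warn_gib."""
    live = [r for r in parse_status(text) if r["status"] not in DEAD]
    return {
        "live": len(live),
        "excess": max(0, len(live) - configured_workers),
        "near_cap": [r["name"] for r in live if r["mem_gib"] >= warn_gib],
        "idle_spawned": [r["name"] for r in live
                         if r["status"] == "initialized" and r["sources"] == 0],
    }

# Constructed sample in the status-view layout (values are illustrative).
SAMPLE = """\
Main            20      running         1.8 GiB         297980 (0)      537782 (10)
Worker_00       27      running         1.8 GiB         50182 (0)       74502 (0)       VSS1:TSK:/Windows/System32/MrmDeploy.dll
Worker_01       31      killed          2.1 GiB         100 (0)         200 (0)
Worker_02       35      running         0.9 GiB         4100 (0)        9000 (0)
Worker_03       39      running         512.0 MiB       3000 (0)        7000 (0)
Worker_04       43      initialized     1.8 GiB         0 (0)           0 (0)
Worker_05       47      initialized     1.8 GiB         0 (0)           0 (0)
Worker_06       51      initialized     1.8 GiB         0 (0)           0 (0)
"""

if __name__ == "__main__":
    print(audit(SAMPLE, configured_workers=4))
```

A non-zero `excess` together with a growing `idle_spawned` list matches the pattern in this report, where replacement workers kept being started until `os.fork()` failed with `ENOMEM`.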

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 13 (6 by maintainers)

Top GitHub Comments

1 reaction
csash commented, Apr 12, 2019

The “spins off more workers than defined” part is #2455

0 reactions
joachimmetz commented, May 11, 2019

forever processing TSK:/Windows/WinSxS. Is this normal?

WinSxS can contain many files and sub-directories so it can take time to process

Seeing that the original issue has been addressed, closing issue
