Summary (number of calls per system service; counts ascend down each of the four columns):

NtAdjustPrivilegesToken(>) 1 NtNotifyChangeKey(>) 2 NtQueryVolumeInformationFile(>) 5 NtCreateSection(>) 61
NtCallbackReturn(>) 1 NtOpenDirectoryObject(>) 2 NtQueryInformationProcess(>) 6 NtCreateEvent(>) 65
NtGdiCreateBitmap(>) 1 NtOpenProcessTokenEx(>) 2 NtQuerySection(>) 6 NtOpenKey(>) 69
NtGdiInit(>) 1 NtOpenThreadToken(>) 2 NtDelayExecution(>) 8 NtMapViewOfSection(>) 86
NtGdiQueryFontAssocInfo(>) 1 NtOpenThreadTokenEx(>) 2 NtQueryInformationFile(>) 8 NtDuplicateObject(>) 88
NtGdiSelectBitmap(>) 1 NtQueryDefaultLocale(>) 2 NtSetInformationFile(>) 9 NtRegisterThreadTerminatePort(>) 110
NtOpenKeyedEvent(>) 1 NtReadFile(>) 2 NtUserFindExistingCursorIcon(>) 9 NtTestAlert(>) 114
NtOpenSymbolicLinkObject(>) 1 NtSetInformationObject(>) 2 NtOpenFile(>) 10 NtWriteVirtualMemory(>) 116
NtQueryObject(>) 1 NtSetValueKey(>) 2 NtCreateFile(>) 12 NtQueryValueKey(>) 137
NtQuerySymbolicLinkObject(>) 1 NtWriteFile(>) 2 NtQueryDirectoryFile(>) 14 NtSetEventBoostPriority(>) 159
NtQuerySystemTime(>) 1 NtGdiCreateCompatibleDC(>) 3 NtUserRegisterClassExWOW(>) 14 NtClose(>) 303
NtSecureConnectPort(>) 1 NtOpenProcessToken(>) 3 NtQueryAttributesFile(>) 15 NtQueryInformationThread(>) 337
NtSetInformationProcess(>) 1 NtSetInformationThread(>) 3 NtQuerySystemInformation(>) 18 NtResumeThread(>) 339
NtUserCallNoParam(>) 1 NtFreeVirtualMemory(>) 4 NtFlushInstructionCache(>) 23 NtCreateThread(>) 341
NtUserGetThreadDesktop(>) 1 NtFsControlFile(>) 5 NtOpenProcess(>) 29 NtRequestWaitReplyPort(>) 342
NtCreateIoCompletion(>) 2 NtGdiGetStockObject(>) 5 NtUnmapViewOfSection(>) 40 NtProtectVirtualMemory(>) 514
NtCreateMutant(>) 2 NtQueryInformationToken(>) 5 NtOpenSection(>) 44 NtWaitForSingleObject(>) 542
NtGdiCreateSolidBrush(>) 2 NtQueryVirtualMemory(>) 5 NtContinue(>) 58 NtAllocateVirtualMemory(>) 875

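Trace (records are run together on long lines; each record is: sequence number, caller id, service name, input arguments, "..." followed by output arguments, then "==" and the returned status. Argument lists that contain a quoted string or buffer appear more than once in a record, which looks like an extraction artefact rather than extra calls):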

00001 2016 NtOpenFile (0x80100000, {24, 0, 0x240, 0, 0, (0x80100000, {24, 0, 0x240, 0, 0, "\SystemRoot\Prefetch\PACKED.EXE-09ED06A1.pf"}, 0, 32, ... -2147481628, {status=0x0, info=1}, ) }, 0, 32, ... -2147481628, {status=0x0, info=1}, ) == 0x0 00002 2016 NtQueryInformationFile (-2147481628, -135238604, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 00003 2016 NtReadFile (-2147481628, 0, 0, 0, 13474, 0x0, 0, ... {status=0x0, info=13474}, (-2147481628, 0, 0, 0, 13474, 0x0, 0, ... {status=0x0, info=13474}, "\21\0\0\0SCCA\17\0\0\0\2424\0\0P\0A\0C\0K\0E\0D\0.\0E\0X\0E\0\0\0\0\00\366i\201\0\0\0\0\0\0\0\0\20\0\0\0@-\201\367\0@\300\367\30,\201\367x@s\201@-\201\367\241\6\355\11\0\0\0\0\230\0\0\0\34\0\0\0\310\2\0\0\331\2\0\0\364$\0\0\36\14\0\0\301\0\0\1\0\0\0\212\3\0\0\200\14V6\217\260\310\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0\0\0\01\0\0\0\0\0\0\02\0\0\0\2\0\0\01\0\0\0%\1\0\0f\0\0\05\0\0\0\6\0\0\0V\1\0\0\5\0\0\0\322\0\0\04\0\0\0\4\0\0\0[\1\0\0\3\0\0\0<\1\0\03\0\0\0\4\0\0\0^\1\0\0\4\0\0\0\244\1\0\05\0\0\0\4\0\0\0b\1\0\0\32\0\0\0\20\2\0\03\0\0\0\2\0\0\0|\1\0\0\23\0\0\0x\2\0\02\0\0\0\2\0\0\0\217\1\0\0\7\0\0\0\336\2\0\02\0\0\0\6\0\0\0\226\1\0\0\22\0\0\0D\3\0\05\0\0\0\2\0\0\0\250\1\0\0\14\0\0\0\260\3\0\03\0\0\0\2\0\0\0\264\1\0\0\13\0\0\0\30\4\0\05\0\0\0\2\0\0\0\277\1\0\0*\0\0\0\204\4\0\03\0\0\0\2\0\0\0\351\1\0\0\21\0\0\0\354\4\0\02\0\0\0\2\0\0\0\372\1\0\0\2\0\0\0R\5\0\02\0\0\0\4\0\0\0\374\1\0\0\1\0\0\0\270\5\0\04\0\0\0\4\0\0\0\375\1\0\0\22\0\0\0"\6\0\04\0\0\0\6\0\0\0\17\2\0\0\36\0\0\0\214\6\0\04\0\0\0\2\0\0\0-\2\0\0\13\0\0\0", ) \6\0\04\0\0\0\6\0\0\0\17\2\0\0\36\0\0\0\214\6\0\04\0\0\0\2\0\0\0-\2\0\0\13\0\0\0", ) == 0x0 00004 2016 NtClose (-2147481628, ... ) == 0x0 00005 2016 NtCreateFile (0x100080, {24, 0, 0x240, 0, 0, (0x100080, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1"}, 0x0, 0, 7, 1, 32, 0, 0, ... -2147481628, {status=0x0, info=0}, ) }, 0x0, 0, 7, 1, 32, 0, 0, ... 
-2147481628, {status=0x0, info=0}, ) == 0x0 00006 2016 NtQueryVolumeInformationFile (-2147481628, -135238648, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00007 2016 NtClose (-2147481628, ... ) == 0x0 00008 2016 NtCreateFile (0x100180, {24, 0, 0x240, 0, 0, (0x100180, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1"}, 0x0, 0, 7, 1, 32, 0, 0, ... }, 0x0, 0, 7, 1, 32, 0, 0, ... 00009 2016 NtContinue (-135243448, 0, ... 00008 2016 NtCreateFile ... -2147481628, {status=0x0, info=1}, ) == 0x0 00010 2016 NtQueryVolumeInformationFile (-2147481628, -135238660, 24, Volume, ... {status=0x0, info=18}, ) == 0x0 00011 2016 NtFsControlFile (-2147481628, 0, 0x0, 0x0, 0x90120, (-2147481628, 0, 0x0, 0x0, 0x90120, "\1\0\0\0!\0\0\0H\10\0\0\0\0\1\0\2309\0\0\0\0\2\0\15\1\0\0\0\0\1\0\357\0\0\0\0\3\0X\244\0\0\0\0\4\0\217\10\0\0\0\0\1\0\214;\0\0\0\0\2\0XK\0\0\0\0\3\0f\10\0\0\0\0\1\0Z\10\0\0\0\0\1\0\304\10\0\0\0\0\1\0Y\10\0\0\0\0\1\0C\10\0\0\0\0\1\0/:\0\0\0\0\3\0\235\244\0\0\0\0\3\0\26\11\0\0\0\0\1\0\201\246\0\0\0\0\3\0\224\246\0\0\0\0\3\0@C\0\0\0\0\2\0r\10\0\0\0\0\1\0g\10\0\0\0\0\1\0\2\1\0\0\0\0\1\0o%\0\0\0\0\3\0\243\10\0\0\0\0\1\0q\10\0\0\0\0\1\0p\10\0\0\0\0\1\0@\31\0\0\0\0\1\0\2339\0\0\0\0\1\0\5\0\0\0\0\0\5\0\34\0\0\0\0\0\1\0'\0\0\0\0\0\1\0\210\0\0\0\0\0\1\0\2329\0\0\0\0\1\0", 272, 0, ... {status=0x0, info=0}, 0x0, ) , 272, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0 00012 2016 NtCreateFile (0x100001, {24, 0, 0x240, 0, 0, (0x100001, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1\"}, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) }, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) == 0x0 00013 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446847, ... {status=0x0, info=1146}, ) == 0x0 00014 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... ) == STATUS_NO_MORE_FILES 00015 2016 NtClose (-2147482764, ... 
) == 0x0 00016 2016 NtCreateFile (0x100001, {24, 0, 0x240, 0, 0, (0x100001, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1\WINDOWS\"}, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) }, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) == 0x0 00017 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446847, ... {status=0x0, info=15820}, ) == 0x0 00018 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... ) == STATUS_NO_MORE_FILES 00019 2016 NtClose (-2147482764, ... ) == 0x0 00020 2016 NtCreateFile (0x100001, {24, 0, 0x240, 0, 0, (0x100001, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\"}, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) }, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) == 0x0 00021 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446847, ... {status=0x0, info=16366}, ) == 0x0 00022 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... {status=0x0, info=16354}, ) == 0x0 00023 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... {status=0x0, info=16348}, ) == 0x0 00024 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... {status=0x0, info=16364}, ) == 0x0 00025 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... {status=0x0, info=11386}, ) == 0x0 00026 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... ) == STATUS_NO_MORE_FILES 00027 2016 NtClose (-2147482764, ... ) == 0x0 00028 2016 NtCreateFile (0x100001, {24, 0, 0x240, 0, 0, (0x100001, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\"}, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) }, 0x0, 0, 7, 1, 16417, 0, 0, ... 
-2147482764, {status=0x0, info=1}, ) == 0x0 00029 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446847, ... {status=0x0, info=2228}, ) == 0x0 00030 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... ) == STATUS_NO_MORE_FILES 00031 2016 NtClose (-2147482764, ... ) == 0x0 00032 2016 NtCreateFile (0x100001, {24, 0, 0x240, 0, 0, (0x100001, {24, 0, 0x240, 0, 0, "\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2982_X-WW_AC3F9C03\"}, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) }, 0x0, 0, 7, 1, 16417, 0, 0, ... -2147482764, {status=0x0, info=1}, ) == 0x0 00033 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446847, ... {status=0x0, info=68}, ) == 0x0 00034 2016 NtQueryDirectoryFile (-2147482764, 0, 0, 0, -504332288, 16384, Names, 0, 0x0, -518446848, ... ) == STATUS_NO_MORE_FILES 00035 2016 NtClose (-2147482764, ... ) == 0x0 00036 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482764, ... -2147482688, ) == 0x0 00037 2016 NtClose (-2147482688, ... ) == 0x0 00038 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482688, ... -2147482660, ) == 0x0 00039 2016 NtClose (-2147482660, ... ) == 0x0 00040 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482660, ... -2147482656, ) == 0x0 00041 2016 NtClose (-2147482656, ... ) == 0x0 00042 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482656, ... -2147482652, ) == 0x0 00043 2016 NtClose (-2147482652, ... ) == 0x0 00044 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482652, ... -2147482724, ) == 0x0 00045 2016 NtClose (-2147482724, ... ) == 0x0 00046 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482724, ... 
-2147481452, ) == 0x0 00047 2016 NtClose (-2147481452, ... ) == 0x0 00048 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481452, ... -2147482684, ) == 0x0 00049 2016 NtClose (-2147482684, ... ) == 0x0 00050 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482684, ... -2147482680, ) == 0x0 00051 2016 NtClose (-2147482680, ... ) == 0x0 00052 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482680, ... -2147482760, ) == 0x0 00053 2016 NtClose (-2147482760, ... ) == 0x0 00054 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482760, ... -2147481368, ) == 0x0 00055 2016 NtClose (-2147481368, ... ) == 0x0 00056 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481368, ... -2147482748, ) == 0x0 00057 2016 NtClose (-2147482748, ... ) == 0x0 00058 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482748, ... -2147482136, ) == 0x0 00059 2016 NtClose (-2147482136, ... ) == 0x0 00060 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482136, ... -2147481480, ) == 0x0 00061 2016 NtClose (-2147481480, ... ) == 0x0 00062 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481480, ... -2147481484, ) == 0x0 00063 2016 NtClose (-2147481484, ... ) == 0x0 00064 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481484, ... -2147482676, ) == 0x0 00065 2016 NtClose (-2147482676, ... ) == 0x0 00066 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482676, ... -2147482672, ) == 0x0 00067 2016 NtClose (-2147482672, ... ) == 0x0 00068 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482672, ... -2147482668, ) == 0x0 00069 2016 NtClose (-2147482668, ... ) == 0x0 00070 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482668, ... 
-2147482664, ) == 0x0 00071 2016 NtClose (-2147482664, ... ) == 0x0 00072 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482664, ... -2147481588, ) == 0x0 00073 2016 NtClose (-2147481588, ... ) == 0x0 00074 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481588, ... -2147481584, ) == 0x0 00075 2016 NtClose (-2147481584, ... ) == 0x0 00076 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481584, ... -2147482692, ) == 0x0 00077 2016 NtClose (-2147482692, ... ) == 0x0 00078 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482692, ... -2147481512, ) == 0x0 00079 2016 NtClose (-2147481512, ... ) == 0x0 00080 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481512, ... -2147481580, ) == 0x0 00081 2016 NtClose (-2147481580, ... ) == 0x0 00082 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481580, ... -2147481552, ) == 0x0 00083 2016 NtClose (-2147481552, ... ) == 0x0 00084 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481552, ... -2147481592, ) == 0x0 00085 2016 NtClose (-2147481592, ... ) == 0x0 00086 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481592, ... -2147481596, ) == 0x0 00087 2016 NtClose (-2147481596, ... ) == 0x0 00088 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147481596, ... -2147482108, ) == 0x0 00089 2016 NtClose (-2147482108, ... ) == 0x0 00090 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 4, 67108864, -2147482108, ... -2147482732, ) == 0x0 00091 2016 NtClose (-2147482732, ... ) == 0x0 00092 2016 NtClose (-2147482764, ... ) == 0x0 00093 2016 NtClose (-2147482688, ... ) == 0x0 00094 2016 NtClose (-2147482660, ... ) == 0x0 00095 2016 NtClose (-2147482656, ... ) == 0x0 00096 2016 NtClose (-2147482652, ... ) == 0x0 00097 2016 NtClose (-2147482724, ... 
) == 0x0 00098 2016 NtClose (-2147481452, ... ) == 0x0 00099 2016 NtClose (-2147482684, ... ) == 0x0 00100 2016 NtClose (-2147482680, ... ) == 0x0 00101 2016 NtClose (-2147482760, ... ) == 0x0 00102 2016 NtClose (-2147481368, ... ) == 0x0 00103 2016 NtClose (-2147482748, ... ) == 0x0 00104 2016 NtClose (-2147482136, ... ) == 0x0 00105 2016 NtClose (-2147481480, ... ) == 0x0 00106 2016 NtClose (-2147481484, ... ) == 0x0 00107 2016 NtClose (-2147482676, ... ) == 0x0 00108 2016 NtClose (-2147482672, ... ) == 0x0 00109 2016 NtClose (-2147482668, ... ) == 0x0 00110 2016 NtClose (-2147482664, ... ) == 0x0 00111 2016 NtClose (-2147481588, ... ) == 0x0 00112 2016 NtClose (-2147481584, ... ) == 0x0 00113 2016 NtClose (-2147482692, ... ) == 0x0 00114 2016 NtClose (-2147481512, ... ) == 0x0 00115 2016 NtClose (-2147481580, ... ) == 0x0 00116 2016 NtClose (-2147481552, ... ) == 0x0 00117 2016 NtClose (-2147481592, ... ) == 0x0 00118 2016 NtClose (-2147481596, ... ) == 0x0 00119 2016 NtClose (-2147482108, ... ) == 0x0 00120 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482108, ... -2147481596, ) == 0x0 00121 2016 NtClose (-2147481596, ... ) == 0x0 00122 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481596, ... -2147481592, ) == 0x0 00123 2016 NtClose (-2147481592, ... ) == 0x0 00124 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481592, ... -2147481552, ) == 0x0 00125 2016 NtClose (-2147481552, ... ) == 0x0 00126 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481552, ... -2147481580, ) == 0x0 00127 2016 NtClose (-2147481580, ... ) == 0x0 00128 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481580, ... -2147481512, ) == 0x0 00129 2016 NtClose (-2147481512, ... ) == 0x0 00130 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481512, ... -2147482692, ) == 0x0 00131 2016 NtClose (-2147482692, ... 
) == 0x0 00132 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482692, ... -2147481584, ) == 0x0 00133 2016 NtClose (-2147481584, ... ) == 0x0 00134 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481584, ... -2147481588, ) == 0x0 00135 2016 NtClose (-2147481588, ... ) == 0x0 00136 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481588, ... -2147482664, ) == 0x0 00137 2016 NtClose (-2147482664, ... ) == 0x0 00138 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482664, ... -2147482668, ) == 0x0 00139 2016 NtClose (-2147482668, ... ) == 0x0 00140 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482668, ... -2147482672, ) == 0x0 00141 2016 NtClose (-2147482672, ... ) == 0x0 00142 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482672, ... -2147482676, ) == 0x0 00143 2016 NtClose (-2147482676, ... ) == 0x0 00144 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482676, ... -2147481484, ) == 0x0 00145 2016 NtClose (-2147481484, ... ) == 0x0 00146 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481484, ... -2147481480, ) == 0x0 00147 2016 NtClose (-2147481480, ... ) == 0x0 00148 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481480, ... -2147482136, ) == 0x0 00149 2016 NtClose (-2147482136, ... ) == 0x0 00150 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482136, ... -2147482748, ) == 0x0 00151 2016 NtClose (-2147482748, ... ) == 0x0 00152 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482748, ... -2147481368, ) == 0x0 00153 2016 NtClose (-2147481368, ... ) == 0x0 00154 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481368, ... -2147482760, ) == 0x0 00155 2016 NtClose (-2147482760, ... 
) == 0x0 00156 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482760, ... -2147482680, ) == 0x0 00157 2016 NtClose (-2147482680, ... ) == 0x0 00158 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482680, ... -2147482684, ) == 0x0 00159 2016 NtClose (-2147482684, ... ) == 0x0 00160 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147482684, ... -2147481452, ) == 0x0 00161 2016 NtClose (-2147481452, ... ) == 0x0 00162 2016 NtCreateSection (0xd, {24, 0, 0x240, 0, 0, 0x0}, 0x0, 16, 16777216, -2147481452, ... -2147482724, ) == 0x0 00163 2016 NtClose (-2147482724, ... ) == 0x0 00164 2016 NtClose (-2147482108, ... ) == 0x0 00165 2016 NtClose (-2147481596, ... ) == 0x0 00166 2016 NtClose (-2147481592, ... ) == 0x0 00167 2016 NtClose (-2147481552, ... ) == 0x0 00168 2016 NtClose (-2147481580, ... ) == 0x0 00169 2016 NtClose (-2147481512, ... ) == 0x0 00170 2016 NtClose (-2147482692, ... ) == 0x0 00171 2016 NtClose (-2147481584, ... ) == 0x0 00172 2016 NtClose (-2147481588, ... ) == 0x0 00173 2016 NtClose (-2147482664, ... ) == 0x0 00174 2016 NtClose (-2147482668, ... ) == 0x0 00175 2016 NtClose (-2147482672, ... ) == 0x0 00176 2016 NtClose (-2147482676, ... ) == 0x0 00177 2016 NtClose (-2147481484, ... ) == 0x0 00178 2016 NtClose (-2147481480, ... ) == 0x0 00179 2016 NtClose (-2147482136, ... ) == 0x0 00180 2016 NtClose (-2147482748, ... ) == 0x0 00181 2016 NtClose (-2147481368, ... ) == 0x0 00182 2016 NtClose (-2147482760, ... ) == 0x0 00183 2016 NtClose (-2147482680, ... ) == 0x0 00184 2016 NtClose (-2147482684, ... ) == 0x0 00185 2016 NtClose (-2147481452, ... ) == 0x0 00186 2016 NtClose (-2147481628, ... ) == 0x0 00187 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00188 2016 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00189 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00190 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00191 2016 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00192 2016 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00193 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00194 2016 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00195 2016 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00196 2016 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00197 2016 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0 00198 2016 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00199 2016 NtClose (12, ... ) == 0x0 00200 2016 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\C:\scripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00201 2016 NtQueryVolumeInformationFile (12, 1243852, 8, Device, ... 
{status=0x0, info=8}, ) == 0x0 00202 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243804, ... ) }, 1243804, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00203 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00204 2016 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7c800000), 0x0, 1003520, ) == 0x0 00205 2016 NtClose (16, ... ) == 0x0 00206 2016 NtProtectVirtualMemory (-1, (0x7c801000), 1568, 4, ... (0x7c801000), 4096, 32, ) == 0x0 00207 2016 NtProtectVirtualMemory (-1, (0x7c801000), 4096, 32, ... (0x7c801000), 4096, 4, ) == 0x0 00208 2016 NtFlushInstructionCache (-1, 2088767488, 1568, ... ) == 0x0 00209 2016 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00210 2016 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00211 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00212 2016 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00213 2016 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 24, {24, 16, 0, 65536, 2424832, 18939904}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 24, {24, 16, 0, 65536, 2424832, 18939904}, {0, 0, 0}, 200, 44, ) == 0x0 00214 2016 NtClose (16, ... ) == 0x0 00215 2016 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00216 2016 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00217 2016 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00218 2016 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00219 2016 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00220 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6!\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6!\1\4\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81841, 0} "\370\374\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6!\1\4\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81841, 0} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6!\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6!\1\4\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81841, 0} "\370\374\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6!\1\4\0\0\0" ) ) == 0x0 00221 2016 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00222 2016 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0 00223 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00224 2016 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00225 2016 NtClose (16, ... ) == 0x0 00226 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 16, ) }, ... 
16, ) == 0x0 00227 2016 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00228 2016 NtClose (16, ... ) == 0x0 00229 2016 NtQueryDefaultLocale (0, 2089305000, ... ) == 0x0 00230 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 16, ) }, ... 16, ) == 0x0 00231 2016 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 249856, ) == 0x0 00232 2016 NtClose (16, ... ) == 0x0 00233 2016 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 16, ) }, ... 16, ) == 0x0 00234 2016 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00235 2016 NtQuerySection (16, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00236 2016 NtClose (16, ... ) == 0x0 00237 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 16, ) }, ... 16, ) == 0x0 00238 2016 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00239 2016 NtClose (16, ... ) == 0x0 00240 2016 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00241 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00242 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00243 2016 NtAllocateVirtualMemory (-1, 2428928, 0, 8192, 4096, 4, ... 
2428928, 8192, ) == 0x0 00244 2016 NtRequestWaitReplyPort (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6!\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6!\1p\30\0\0" ... {24, 52, reply, 0, 896, 2016, 81842, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6!\1p\30\0\0" ) ... {24, 52, reply, 0, 896, 2016, 81842, 0} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6!\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6!\1p\30\0\0" ... {24, 52, reply, 0, 896, 2016, 81842, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6!\1p\30\0\0" ) ) == 0x0 00245 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6!\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6!\18\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81843, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6!\18\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81843, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6!\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6!\18\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81843, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6!\18\6\0\0" ) ) == 0x0 00246 2016 NtProtectVirtualMemory (-1, (0x409000), 94224, 4, ... (0x409000), 98304, 128, ) == 0x0 00247 2016 NtProtectVirtualMemory (-1, (0x409000), 98304, 128, ... (0x409000), 98304, 4, ) == 0x0 00248 2016 NtFlushInstructionCache (-1, 4231168, 94224, ... ) == 0x0 00249 2016 NtQueryInformationProcess (-1, 37, 48, ... {process info, class 37, size 48}, 0x0, ) == 0x0 00250 2016 NtSetInformationProcess (-1, 34, {process info, class 34, size 4}, 4, ... ) == 0x0 00251 2016 NtOpenProcessToken (-1, 0x8, ... 16, ) == 0x0 00252 2016 NtQueryInformationToken (16, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00253 2016 NtClose (16, ... 
) == 0x0 00254 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00255 2016 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00256 2016 NtClose (16, ... ) == 0x0 00257 2016 NtTestAlert (... ) == 0x0 00258 2016 NtContinue (1244464, 1, ... 00259 2016 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x40283e,}, 4, ... ) == 0x0 00260 2016 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 16, ) }, ... 16, ) == 0x0 00261 2016 NtCreateEvent (0x1f0003, {24, 16, 0x80, 1245092, 0, (0x1f0003, {24, 16, 0x80, 1245092, 0, "VT_3"}, 1, 0, ... 28, ) }, 1, 0, ... 28, ) == 0x0 00262 2016 NtCreateSection (0xe, {24, 0, 0x40, 1245092, 0, (0xe, {24, 0, 0x40, 1245092, 0, "\BaseNamedObjects\W32_Virtu"}, {27086, 0}, 64, 134217728, 0, ... 32, ) }, {27086, 0}, 64, 134217728, 0, ... 32, ) == 0x0 00263 2016 NtMapViewOfSection (32, -1, (0x0), 0, 27086, 0x0, 27086, 2, 0, 64, ... (0x320000), 0x0, 28672, ) == 0x0 00264 2016 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 36, ) }, ... 36, ) == 0x0 00265 2016 NtQueryValueKey (36, (36, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00266 2016 NtClose (36, ... ) == 0x0 00267 2016 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0 00268 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.DLL"}, ... 36, ) }, ... 36, ) == 0x0 00269 2016 NtMapViewOfSection (36, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... 
(0x77dd0000), 0x0, 634880, ) == 0x0 00270 2016 NtClose (36, ... ) == 0x0 00271 2016 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00272 2016 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00273 2016 NtFlushInstructionCache (-1, 2010976256, 1700, ... ) == 0x0 00274 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 36, ) }, ... 36, ) == 0x0 00275 2016 NtMapViewOfSection (36, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e70000), 0x0, 593920, ) == 0x0 00276 2016 NtClose (36, ... ) == 0x0 00277 2016 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00278 2016 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00279 2016 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00280 2016 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00281 2016 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00282 2016 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00283 2016 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00284 2016 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00285 2016 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00286 2016 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00287 2016 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00288 2016 NtFlushInstructionCache (-1, 2010976256, 1700, ... ) == 0x0 00289 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00290 2016 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 
1327104, 4096, ) == 0x0 00291 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.DLL"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00292 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 36, ) }, ... 36, ) == 0x0 00293 2016 NtQueryValueKey (36, (36, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (36, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00294 2016 NtQueryValueKey (36, (36, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (36, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00295 2016 NtClose (36, ... ) == 0x0 00296 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 36, ) }, ... 36, ) == 0x0 00297 2016 NtQueryValueKey (36, (36, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00298 2016 NtClose (36, ... ) == 0x0 00299 2016 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 36, ) }, ... 36, ) == 0x0 00300 2016 NtSetInformationObject (36, Handle, {Inherit=0,ProtectFromClose=1,}, 2011431168, ... ) == 0x0 00301 2016 NtOpenKey (0x20019, {24, 36, 0x40, 0, 0, (0x20019, {24, 36, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00302 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00303 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00304 2016 NtOpenProcessToken (-1, 0x20, ... 40, ) == 0x0 00305 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00306 2016 NtOpenKey (0x20019, {24, 36, 0x40, 0, 0, (0x20019, {24, 36, 0x40, 0, 0, "Software\Microsoft\Rpc\PagedBuffers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00307 2016 NtOpenKey (0x20019, {24, 36, 0x40, 0, 0, (0x20019, {24, 36, 0x40, 0, 0, "Software\Microsoft\Rpc"}, ... 44, ) }, ... 44, ) == 0x0 00308 2016 NtQueryValueKey (44, (44, "MaxRpcSize", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00309 2016 NtClose (44, ... ) == 0x0 00310 2016 NtOpenKey (0x20019, {24, 36, 0x40, 0, 0, (0x20019, {24, 36, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe\RpcThreadPoolThrottle"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00311 2016 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 44, ) == 0x0 00312 2016 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 48, ) == 0x0 00313 2016 NtQuerySystemTime (... {1442735414, 29929616}, ) == 0x0 00314 2016 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 52, ) == 0x0 00315 2016 NtOpenKey (0x20019, {24, 36, 0x40, 0, 0, (0x20019, {24, 36, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\Rpc"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00316 2016 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 0x0, ) == 0x0 00317 2016 NtQueryInformationProcess (-1, QuotaLimits, 32, ... 
{process info, class 1, size 32}, 0x0, ) == 0x0 00318 2016 NtQueryInformationProcess (-1, VmCounters, 44, ... {process info, class 3, size 44}, 0x0, ) == 0x0 00319 2016 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 56, ) == 0x0 00320 2016 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 60, ) == 0x0 00321 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\ComputerName"}, ... 64, ) }, ... 64, ) == 0x0 00322 2016 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "ActiveComputerName"}, ... 68, ) }, ... 68, ) == 0x0 00323 2016 NtQueryValueKey (68, (68, "ComputerName", Full, 108, ... TitleIdx=0, Type=1, Name="ComputerName", Data="V\0I\0R\0T\0U\0A\0L\0\0\0"}, 60, ) , Full, 108, ... TitleIdx=0, Type=1, Name= (68, "ComputerName", Full, 108, ... TitleIdx=0, Type=1, Name="ComputerName", Data="V\0I\0R\0T\0U\0A\0L\0\0\0"}, 60, ) , Data= (68, "ComputerName", Full, 108, ... TitleIdx=0, Type=1, Name="ComputerName", Data="V\0I\0R\0T\0U\0A\0L\0\0\0"}, 60, ) }, 60, ) == 0x0 00324 2016 NtClose (68, ... ) == 0x0 00325 2016 NtClose (64, ... ) == 0x0 00326 2016 NtCreateIoCompletion (0x1f0003, 0x0, 0, ... 64, ) == 0x0 00327 2016 NtCreateIoCompletion (0x1f0003, 0x0, -1, ... 68, ) == 0x0 00328 2016 NtDuplicateObject (-1, 64, -1, 0x0, 0, 2, ... 72, ) == 0x0 00329 2016 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0 00330 2016 NtOpenThreadToken (-2, 0xc, 1, ... ) == STATUS_NO_TOKEN 00331 2016 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 76, ) == 0x0 00332 2016 NtOpenThreadToken (-2, 0xc, 1, ... ) == STATUS_NO_TOKEN 00333 2016 NtSetInformationThread (-2, ImpersonationToken, {ImpToken=0,}, 4, ... ) == 0x0 00334 2016 NtCreateFile (0xc0100080, {24, 0, 0x40, 0, 1243252, (0xc0100080, {24, 0, 0x40, 0, 1243252, "\??\PIPE\lsarpc"}, 0x0, 0, 3, 1, 64, 0, 0, ... 80, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 64, 0, 0, ... 
80, {status=0x0, info=1}, ) == 0x0 00335 2016 NtSetInformationFile (80, 1243308, 8, Pipe, ... {status=0x0, info=0}, ) == 0x0 00336 2016 NtSetInformationFile (80, 1243296, 8, Completion, ... {status=0x0, info=0}, ) == 0x0 00337 2016 NtSetInformationThread (-2, ImpersonationToken, {ImpToken=0,}, 4, ... ) == 0x0 00338 2016 NtWriteFile (80, 57, 0, 0, (80, 57, 0, 0, "\5\0\13\3\20\0\0\0H\0\0\0\1\0\0\0\270\20\270\20\0\0\0\0\1\0\0\0\0\0\1\0xW4\224\22\315\253\357\0\1#Eg\211\253\0\0\0\0\4]\210\212\353\34\311\21\237\350\10\0+\20H`\2\0\0\0", 72, {0, 0}, 0, ... {status=0x0, info=72}, ) , 72, {0, 0}, 0, ... {status=0x0, info=72}, ) == 0x0 00339 2016 NtReadFile (80, 57, 0, 0, 1024, {0, 0}, 0, ... {status=0x0, info=68}, (80, 57, 0, 0, 1024, {0, 0}, 0, ... {status=0x0, info=68}, "\5\0\14\3\20\0\0\0D\0\0\0\1\0\0\0\270\20\270\20k+\0\0\14\0\PIPE\lsass\0\0\0\1\0\0\0\0\0\0\0\4]\210\212\353\34\311\21\237\350\10\0+\20H`\2\0\0\0", ) , ) == 0x0 00340 2016 NtFsControlFile (80, 57, 0x0, 0x0, 0x11c017, (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0@\0\0\0\1\0\0\0(\0\0\0\0\0,\0\0\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0<\377\22\0\14\0\0\0\2\0\1\0\0\10\0\0", 64, 1024, ... {status=0x103, info=68}, "\5\0\14\3\20\0\0\0D\0\0\0\1\0\0\0\270\20\270\20k+\0\0\14\0\PIPE\lsass\0\0\0\1\0\0\0\0\0\0\0\4]\210\212\353\34\311\21\237\350\10\0+\20H`\2\0\0\0", ) , 64, 1024, ... {status=0x103, info=68}, (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0@\0\0\0\1\0\0\0(\0\0\0\0\0,\0\0\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0<\377\22\0\14\0\0\0\2\0\1\0\0\10\0\0", 64, 1024, ... 
{status=0x103, info=68}, "\5\0\14\3\20\0\0\0D\0\0\0\1\0\0\0\270\20\270\20k+\0\0\14\0\PIPE\lsass\0\0\0\1\0\0\0\0\0\0\0\4]\210\212\353\34\311\21\237\350\10\0+\20H`\2\0\0\0", ) , ) == 0x103 00341 2016 NtFsControlFile (80, 57, 0x0, 0x0, 0x11c017, (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0`\0\0\0\2\0\0\0H\0\0\0\0\0\37\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28 \0"\0X@\24\0\21\0\0\0\0\0\0\0\20\0\0\0S\0e\0D\0e\0b\0u\0g\0P\0r\0i\0v\0i\0l\0e\0g\0e\0", 96, 1024, ... {status=0x103, info=48}, "\5\0\2\3\20\0\0\00\0\0\0\1\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28\0\0\0\0", ) \0X@\24\0\21\0\0\0\0\0\0\0\20\0\0\0S\0e\0D\0e\0b\0u\0g\0P\0r\0i\0v\0i\0l\0e\0g\0e\0 (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0`\0\0\0\2\0\0\0H\0\0\0\0\0\37\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28 \0"\0X@\24\0\21\0\0\0\0\0\0\0\20\0\0\0S\0e\0D\0e\0b\0u\0g\0P\0r\0i\0v\0i\0l\0e\0g\0e\0", 96, 1024, ... {status=0x103, info=48}, "\5\0\2\3\20\0\0\00\0\0\0\1\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28\0\0\0\0", ) \5\0\2\3\20\0\0\00\0\0\0\1\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28\0\0\0\0", ) == 0x103 00342 2016 NtFsControlFile (80, 57, 0x0, 0x0, 0x11c017, (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0,\0\0\0\3\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28", 44, 1024, ... {status=0x103, info=36}, "\5\0\2\3\20\0\0\0$\0\0\0\2\0\0\0\14\0\0\0\0\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0", ) , 44, 1024, ... {status=0x103, info=36}, (80, 57, 0x0, 0x0, 0x11c017, "\5\0\0\3\20\0\0\0,\0\0\0\3\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0\201\262\254?gS\263F\252\227\2L\355h\28", 44, 1024, ... {status=0x103, info=36}, "\5\0\2\3\20\0\0\0$\0\0\0\2\0\0\0\14\0\0\0\0\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x103 00343 2016 NtClose (76, ... ) == 0x0 00344 2016 NtClose (80, ... ) == 0x0 00345 2016 NtAdjustPrivilegesToken (40, 0, 1245096, 0, 0, 0, ... ) == 0x0 00346 2016 NtClose (40, ... 
) == 0x0 00347 2016 NtAllocateVirtualMemory (-1, 0, 0, 65536, 4096, 4, ... 3342336, 65536, ) == 0x0 00348 2016 NtQuerySystemInformation (ProcessesAndThreads, 65536, ... {system info, class 5, size 500}, 0x0, ) == 0x0 00349 2016 NtCreateSection (0xf0007, 0x0, {18400, 0}, 4, 134217728, 0, ... 40, ) == 0x0 00350 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x340000), {0, 0}, 20480, ) == 0x0 00351 2016 NtUnmapViewOfSection (-1, 0x340000, ... ) == 0x0 00352 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x340000), {0, 0}, 20480, ) == 0x0 00353 2016 NtFreeVirtualMemory (-1, (0x330000), 0, 32768, ... (0x330000), 65536, ) == 0x0 00354 2016 NtUnmapViewOfSection (-1, 0x340000, ... ) == 0x0 00355 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00356 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00357 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00358 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00359 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00360 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00361 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00362 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00363 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00364 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00365 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {580, 0}, ... 80, ) == 0x0 00366 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 76, ) }, ... 76, ) == 0x0 00367 2016 NtMapViewOfSection (76, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ff90000), 0x0, 28672, ) == 0x0 00368 2016 NtClose (76, ... 
) == 0x0 00369 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00370 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00371 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00372 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00373 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00374 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00375 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00376 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00377 2016 NtAllocateVirtualMemory (80, 0, 0, 1048576, 8192, 4, ... 27852800, 1048576, ) == 0x0 00378 2016 NtAllocateVirtualMemory (80, 28893184, 0, 8192, 4096, 4, ... 28893184, 8192, ) == 0x0 00379 2016 NtProtectVirtualMemory (80, (0x1b8e000), 4096, 260, ... (0x1b8e000), 4096, 4, ) == 0x0 00380 2016 NtCreateThread (0x1f03ff, 0x0, 80, 1243840, 1243784, 1, ... 76, {580, 1708}, ) == 0x0 00381 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 0, 0, 0, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0L\0\0\0D\2\0\0\254\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81844, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0L\0\0\0D\2\0\0\254\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81844, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0L\0\0\0D\2\0\0\254\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81844, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0L\0\0\0D\2\0\0\254\6\0\0" ) ) == 0x0 00382 2016 NtResumeThread (76, ... 1, ) == 0x0 00383 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00384 2016 NtDelayExecution (0, {-100000, -1}, ... 
) == 0x0 00385 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00386 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00387 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00388 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00389 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00390 2016 NtDelayExecution (0, {-100000, -1}, ... ) == 0x0 00391 2016 NtClose (80, ... ) == 0x0 00392 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00393 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00394 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {640, 0}, ... 80, ) == 0x0 00395 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00396 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ff90000), 0x0, 28672, ) == 0x0 00397 2016 NtClose (84, ... ) == 0x0 00398 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00399 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00400 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00401 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00402 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00403 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00404 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00405 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00406 2016 NtClose (80, ... ) == 0x0 00407 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... 
(0x330000), {0, 0}, 20480, ) == 0x0 00408 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00409 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {652, 0}, ... 80, ) == 0x0 00410 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00411 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ff90000), 0x0, 28672, ) == 0x0 00412 2016 NtClose (84, ... ) == 0x0 00413 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00414 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00415 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00416 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00417 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00418 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00419 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00420 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Lh\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00421 2016 NtClose (80, ... ) == 0x0 00422 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00423 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00424 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {816, 0}, ... 80, ) == 0x0 00425 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00426 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00427 2016 NtClose (84, ... ) == 0x0 00428 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... 
(0x7c90d000), 4096, 32, ) == 0x0 00429 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00430 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00431 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00432 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00433 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00434 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00435 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00436 2016 NtClose (80, ... ) == 0x0 00437 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00438 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00439 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {904, 0}, ... 80, ) == 0x0 00440 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00441 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00442 2016 NtClose (84, ... ) == 0x0 00443 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00444 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00445 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00446 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00447 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00448 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 
0x0, ) , 5, ... 0x0, ) == 0x0 00449 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00450 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00451 2016 NtClose (80, ... ) == 0x0 00452 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00453 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00454 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1000, 0}, ... 80, ) == 0x0 00455 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00456 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ff50000), 0x0, 28672, ) == 0x0 00457 2016 NtClose (84, ... ) == 0x0 00458 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00459 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Md\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00460 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00461 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fd\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00462 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00463 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Ld\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00464 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00465 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Ld\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00466 2016 NtClose (80, ... ) == 0x0 00467 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00468 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00469 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1044, 0}, ... 
80, ) == 0x0 00470 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00471 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00472 2016 NtClose (84, ... ) == 0x0 00473 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00474 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00475 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00476 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00477 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00478 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00479 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00480 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00481 2016 NtClose (80, ... ) == 0x0 00482 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00483 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00484 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1196, 0}, ... 80, ) == 0x0 00485 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00486 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00487 2016 NtClose (84, ... ) == 0x0 00488 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00489 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 
0x0, ) == 0x0 00490 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00491 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00492 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00493 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00494 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00495 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00496 2016 NtClose (80, ... ) == 0x0 00497 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00498 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00499 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1468, 0}, ... 80, ) == 0x0 00500 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00501 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00502 2016 NtClose (84, ... ) == 0x0 00503 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00504 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00505 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00506 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00507 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00508 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00509 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... 
(0x7c90d000), 4096, 64, ) == 0x0 00510 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00511 2016 NtClose (80, ... ) == 0x0 00512 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00513 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00514 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1720, 0}, ... 80, ) == 0x0 00515 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00516 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00517 2016 NtClose (84, ... ) == 0x0 00518 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00519 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00520 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00521 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00522 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00523 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00524 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00525 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00526 2016 NtClose (80, ... ) == 0x0 00527 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00528 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00529 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1888, 0}, ... 80, ) == 0x0 00530 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 
84, ) == 0x0 00531 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00532 2016 NtClose (84, ... ) == 0x0 00533 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00534 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00535 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00536 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00537 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00538 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00539 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00540 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00541 2016 NtClose (80, ... ) == 0x0 00542 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00543 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00544 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {2024, 0}, ... 80, ) == 0x0 00545 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00546 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00547 2016 NtClose (84, ... ) == 0x0 00548 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00549 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00550 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... 
(0x7c90d000), 4096, 64, ) == 0x0 00551 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00552 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00553 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00554 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00555 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00556 2016 NtClose (80, ... ) == 0x0 00557 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00558 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00559 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {196, 0}, ... 80, ) == 0x0 00560 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00561 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00562 2016 NtClose (84, ... ) == 0x0 00563 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00564 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00565 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00566 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00567 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00568 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00569 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00570 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 
0x0, ) , 5, ... 0x0, ) == 0x0 00571 2016 NtClose (80, ... ) == 0x0 00572 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00573 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00574 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {160, 0}, ... 80, ) == 0x0 00575 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00576 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00577 2016 NtClose (84, ... ) == 0x0 00578 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00579 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00580 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00581 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00582 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00583 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00584 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00585 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00586 2016 NtClose (80, ... ) == 0x0 00587 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00588 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00589 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {260, 0}, ... 80, ) == 0x0 00590 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00591 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... 
(0x7ffa0000), 0x0, 28672, ) == 0x0 00592 2016 NtClose (84, ... ) == 0x0 00593 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00594 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00595 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00596 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00597 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00598 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00599 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00600 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00601 2016 NtClose (80, ... ) == 0x0 00602 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00603 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00604 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {288, 0}, ... 80, ) == 0x0 00605 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00606 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00607 2016 NtClose (84, ... ) == 0x0 00608 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00609 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00610 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00611 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 
0x0, ) == 0x0 00612 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00613 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00614 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00615 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00616 2016 NtClose (80, ... ) == 0x0 00617 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00618 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00619 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {412, 0}, ... 80, ) == 0x0 00620 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00621 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00622 2016 NtClose (84, ... ) == 0x0 00623 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00624 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00625 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00626 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00627 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00628 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00629 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00630 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00631 2016 NtClose (80, ... ) == 0x0 00632 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... 
(0x330000), {0, 0}, 20480, ) == 0x0 00633 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00634 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1408, 0}, ... 80, ) == 0x0 00635 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00636 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00637 2016 NtClose (84, ... ) == 0x0 00638 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00639 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00640 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00641 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00642 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00643 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00644 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00645 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00646 2016 NtClose (80, ... ) == 0x0 00647 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00648 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00649 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {556, 0}, ... 80, ) == 0x0 00650 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00651 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00652 2016 NtClose (84, ... ) == 0x0 00653 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... 
(0x7c90d000), 4096, 32, ) == 0x0 00654 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00655 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00656 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00657 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00658 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00659 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00660 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00661 2016 NtClose (80, ... ) == 0x0 00662 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00663 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00664 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1204, 0}, ... 80, ) == 0x0 00665 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00666 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00667 2016 NtClose (84, ... ) == 0x0 00668 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00669 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00670 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00671 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00672 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00673 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 
0x0, ) , 5, ... 0x0, ) == 0x0 00674 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00675 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00676 2016 NtClose (80, ... ) == 0x0 00677 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00678 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00679 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1452, 0}, ... 80, ) == 0x0 00680 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00681 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00682 2016 NtClose (84, ... ) == 0x0 00683 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00684 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00685 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00686 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00687 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00688 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00689 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00690 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00691 2016 NtClose (80, ... ) == 0x0 00692 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00693 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00694 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {784, 0}, ... 
80, ) == 0x0 00695 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00696 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00697 2016 NtClose (84, ... ) == 0x0 00698 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00699 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00700 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00701 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00702 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00703 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00704 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00705 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00706 2016 NtClose (80, ... ) == 0x0 00707 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00708 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00709 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {488, 0}, ... 80, ) == 0x0 00710 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00711 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00712 2016 NtClose (84, ... ) == 0x0 00713 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00714 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 
0x0, ) == 0x0 00715 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00716 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00717 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00718 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00719 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00720 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00721 2016 NtClose (80, ... ) == 0x0 00722 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00723 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00724 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {1208, 0}, ... 80, ) == 0x0 00725 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00726 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00727 2016 NtClose (84, ... ) == 0x0 00728 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00729 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00730 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00731 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00732 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00733 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00734 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... 
(0x7c90d000), 4096, 64, ) == 0x0 00735 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00736 2016 NtClose (80, ... ) == 0x0 00737 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00738 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00739 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {168, 0}, ... 80, ) == 0x0 00740 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00741 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00742 2016 NtClose (84, ... ) == 0x0 00743 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00744 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00745 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00746 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00747 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00748 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00749 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00750 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00751 2016 NtClose (80, ... ) == 0x0 00752 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00753 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00754 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {764, 0}, ... 80, ) == 0x0 00755 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 
84, ) == 0x0 00756 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00757 2016 NtClose (84, ... ) == 0x0 00758 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00759 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00760 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00761 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00762 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00763 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00764 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00765 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00766 2016 NtClose (80, ... ) == 0x0 00767 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00768 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00769 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {868, 0}, ... 80, ) == 0x0 00770 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00771 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00772 2016 NtClose (84, ... ) == 0x0 00773 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00774 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00775 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... 
(0x7c90d000), 4096, 64, ) == 0x0 00776 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00777 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00778 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00779 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00780 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00781 2016 NtClose (80, ... ) == 0x0 00782 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00783 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00784 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {808, 0}, ... 80, ) == 0x0 00785 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00786 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00787 2016 NtClose (84, ... ) == 0x0 00788 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00789 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00790 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00791 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00792 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00793 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00794 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00795 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 
0x0, ) , 5, ... 0x0, ) == 0x0 00796 2016 NtClose (80, ... ) == 0x0 00797 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00798 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00799 2016 NtOpenProcess (0x2a, {24, 0, 0x0, 0, 0, 0x0}, {896, 0}, ... 80, ) == 0x0 00800 2016 NtOpenSection (0xe, {24, 16, 0x0, 0, 0, (0xe, {24, 16, 0x0, 0, 0, "W32_Virtu"}, ... 84, ) }, ... 84, ) == 0x0 00801 2016 NtMapViewOfSection (84, 80, (0x0), 0, 27086, 0x0, 27086, 2, 1048576, 64, ... (0x7ffa0000), 0x0, 28672, ) == 0x0 00802 2016 NtClose (84, ... ) == 0x0 00803 2016 NtProtectVirtualMemory (80, (0x7c90d682), 5, 64, ... (0x7c90d000), 4096, 32, ) == 0x0 00804 2016 NtWriteVirtualMemory (80, 0x7c90d682, (80, 0x7c90d682, "\350\15Mi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00805 2016 NtProtectVirtualMemory (80, (0x7c90dcfd), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00806 2016 NtWriteVirtualMemory (80, 0x7c90dcfd, (80, 0x7c90dcfd, "\350\337Fi\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00807 2016 NtProtectVirtualMemory (80, (0x7c90d754), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00808 2016 NtWriteVirtualMemory (80, 0x7c90d754, (80, 0x7c90d754, "\350\217Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00809 2016 NtProtectVirtualMemory (80, (0x7c90d769), 5, 64, ... (0x7c90d000), 4096, 64, ) == 0x0 00810 2016 NtWriteVirtualMemory (80, 0x7c90d769, (80, 0x7c90d769, "\350\207Li\3", 5, ... 0x0, ) , 5, ... 0x0, ) == 0x0 00811 2016 NtClose (80, ... ) == 0x0 00812 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x330000), {0, 0}, 20480, ) == 0x0 00813 2016 NtUnmapViewOfSection (-1, 0x330000, ... ) == 0x0 00814 2016 NtClose (40, ... ) == 0x0 00815 2016 NtClose (28, ... ) == 0x0 00816 2016 NtQueryVirtualMemory (-1, 0x40980f, Basic, 28, ... {BaseAddress=0x409000,AllocationBase=0x400000,AllocationProtect=0x80,RegionSize=0x4000,State=0x1000,Protect=0x40,Type=0x1000000,}, 28, ) == 0x0 00817 2016 NtContinue (1244400, 0, ... 
00818 2016 NtAllocateVirtualMemory (-1, 0, 0, 2395, 4096, 64, ... 3342336, 4096, ) == 0x0 00819 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00820 2016 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7e410000), 0x0, 589824, ) == 0x0 00821 2016 NtClose (28, ... ) == 0x0 00822 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00823 2016 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77f10000), 0x0, 290816, ) == 0x0 00824 2016 NtClose (28, ... ) == 0x0 00825 2016 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00826 2016 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00827 2016 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00828 2016 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00829 2016 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00830 2016 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00831 2016 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00832 2016 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00833 2016 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00834 2016 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00835 2016 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00836 2016 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00837 2016 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00838 2016 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00839 2016 NtFlushInstructionCache (-1, 2118193152, 1252, ... 
) == 0x0 00840 2016 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00841 2016 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00842 2016 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00843 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00844 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\user32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00845 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00846 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} "\210\6!\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6!\1$\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81845, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6!\1$\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81845, 0} (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} "\210\6!\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6!\1$\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81845, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6!\1$\1\0\0" ) ) == 0x0 00847 2016 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0 00848 2016 NtAllocateVirtualMemory (-1, 1335296, 0, 4096, 4096, 4, ... 
1335296, 4096, ) == 0x0 00849 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239000, ... ) }, 1239000, ... ) == 0x0 00850 2016 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 28, {status=0x0, info=1}, ) }, 5, 96, ... 28, {status=0x0, info=1}, ) == 0x0 00851 2016 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 28, ... 40, ) == 0x0 00852 2016 NtClose (28, ... ) == 0x0 00853 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x340000), 0x0, 110592, ) == 0x0 00854 2016 NtClose (40, ... ) == 0x0 00855 2016 NtUnmapViewOfSection (-1, 0x340000, ... ) == 0x0 00856 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1238908, ... ) }, 1238908, ... ) == 0x0 00857 2016 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 40, {status=0x0, info=1}, ) }, 5, 96, ... 40, {status=0x0, info=1}, ) == 0x0 00858 2016 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 40, ... 28, ) == 0x0 00859 2016 NtClose (40, ... ) == 0x0 00860 2016 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x340000), 0x0, 110592, ) == 0x0 00861 2016 NtClose (28, ... ) == 0x0 00862 2016 NtUnmapViewOfSection (-1, 0x340000, ... ) == 0x0 00863 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239216, ... ) }, 1239216, ... ) == 0x0 00864 2016 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 28, {status=0x0, info=1}, ) }, 5, 96, ... 28, {status=0x0, info=1}, ) == 0x0 00865 2016 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 28, ... 40, ) == 0x0 00866 2016 NtQuerySection (40, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00867 2016 NtOpenProcessToken (-1, 0x8, ... 
80, ) == 0x0 00868 2016 NtQueryInformationToken (80, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00869 2016 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00870 2016 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 84, ) }, ... 84, ) == 0x0 00871 2016 NtQueryValueKey (84, (84, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (84, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00872 2016 NtClose (84, ... ) == 0x0 00873 2016 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00874 2016 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 84, ) == 0x0 00875 2016 NtQueryInformationToken (84, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00876 2016 NtClose (84, ... ) == 0x0 00877 2016 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1292428093-1383384898-725345543-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00878 2016 NtClose (80, ... ) == 0x0 00879 2016 NtClose (28, ... ) == 0x0 00880 2016 NtMapViewOfSection (40, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76390000), 0x0, 118784, ) == 0x0 00881 2016 NtClose (40, ... ) == 0x0 00882 2016 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00883 2016 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00884 2016 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00885 2016 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00886 2016 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... 
(0x76391000), 4096, 4, ) == 0x0 00887 2016 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00888 2016 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00889 2016 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00890 2016 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00891 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00892 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00893 2016 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00894 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1236132, ... ) }, 1236132, ... ) == 0x0 00895 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239536, ... ) }, 1239536, ... ) == 0x0 00896 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00897 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize"}, ... 40, ) }, ... 40, ) == 0x0 00898 2016 NtQueryValueKey (40, (40, "DisableMetaFiles", Partial, 20, ... ) , Partial, 20, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00899 2016 NtClose (40, ... ) == 0x0 00900 2016 NtMapViewOfSection (-2147481628, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... 
(0x500000), 0x0, 1060864, ) == 0x0 00901 2016 NtClose (-2147481628, ... ) == 0x0 00902 2016 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 40, ) == 0x0 00903 2016 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00904 2016 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147481628, ) == 0x0 00905 2016 NtQueryInformationToken (-2147481628, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00906 2016 NtQueryInformationToken (-2147481628, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00907 2016 NtClose (-2147481628, ... ) == 0x0 00908 2016 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 3407872, 4096, ) == 0x0 00909 2016 NtFreeVirtualMemory (-1, (0x340000), 4096, 32768, ... (0x340000), 4096, ) == 0x0 00910 2016 NtDuplicateObject (-1, 28, -1, 0x0, 0, 2, ... 84, ) == 0x0 00911 2016 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147481628, ) }, ... -2147481628, ) == 0x0 00912 2016 NtQueryValueKey (-2147481628, (-2147481628, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00913 2016 NtClose (-2147481628, ... ) == 0x0 00914 2016 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147481628, ) }, ... -2147481628, ) == 0x0 00915 2016 NtQueryValueKey (-2147481628, (-2147481628, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00916 2016 NtClose (-2147481628, ... ) == 0x0 00917 2016 NtQueryDefaultLocale (0, -142137012, ... ) == 0x0 00918 2016 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00919 2016 NtUserCallNoParam (24, ... ) == 0x0 00920 2016 NtGdiCreateCompatibleDC (0, ... 00921 2016 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 3407872, 4096, ) == 0x0 00920 2016 NtGdiCreateCompatibleDC ... ) == 0x860107ab 00922 2016 NtGdiGetStockObject (0, ... 
) == 0x1900010 00923 2016 NtGdiGetStockObject (4, ... ) == 0x1900011 00924 2016 NtGdiCreateBitmap (8, 8, 1, 1, 2118200212, ... ) == 0x870506a2 00925 2016 NtGdiCreateSolidBrush (0, 0, ... 00926 2016 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 3473408, 4096, ) == 0x0 00925 2016 NtGdiCreateSolidBrush ... ) == 0x1100680 00927 2016 NtGdiGetStockObject (13, ... ) == 0x18a0021 00928 2016 NtGdiCreateCompatibleDC (0, ... ) == 0xf6010687 00929 2016 NtGdiSelectBitmap (-167704953, -2029713758, ... ) == 0x185000f 00930 2016 NtUserGetThreadDesktop (2016, 0, ... ) == 0x50 00931 2016 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 88, ) }, ... 88, ) == 0x0 00932 2016 NtQueryValueKey (88, (88, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (88, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00933 2016 NtClose (88, ... ) == 0x0 00934 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00935 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 673, 128, 0, ... ) == 0x8168c017 00936 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00937 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 674, 128, 0, ... ) == 0x8168c01c 00938 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00939 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 675, 128, 0, ... ) == 0x8168c01e 00940 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00941 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 676, 128, 0, ... ) == 0x81688002 00942 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10013 00943 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 677, 128, 0, ... 
) == 0x8168c018 00944 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00945 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 678, 128, 0, ... ) == 0x8168c01a 00946 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00947 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 679, 128, 0, ... ) == 0x8168c01d 00948 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00949 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 681, 128, 0, ... ) == 0x8168c026 00950 2016 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00951 2016 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 680, 128, 0, ... ) == 0x8168c019 00952 2016 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8168c020 00953 2016 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8168c022 00954 2016 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8168c023 00955 2016 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8168c024 00956 2016 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8168c025 00957 2016 NtCallbackReturn (0, 0, 0, ... 00958 2016 NtGdiInit (... ) == 0x1 00959 2016 NtGdiGetStockObject (18, ... ) == 0x290001c 00960 2016 NtGdiGetStockObject (19, ... ) == 0x1b00019 00961 2016 NtAllocateVirtualMemory (-1, 0, 0, 26112, 4096, 64, ... 3538944, 28672, ) == 0x0 00962 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00963 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00964 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... ) == 0x0 00965 2016 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 5, 96, ... 88, {status=0x0, info=1}, ) }, 5, 96, ... 88, {status=0x0, info=1}, ) == 0x0 00966 2016 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 88, ... 92, ) == 0x0 00967 2016 NtQuerySection (92, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00968 2016 NtClose (88, ... ) == 0x0 00969 2016 NtMapViewOfSection (92, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 94208, ) == 0x0 00970 2016 NtClose (92, ... ) == 0x0 00971 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 92, ) }, ... 92, ) == 0x0 00972 2016 NtMapViewOfSection (92, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 360448, ) == 0x0 00973 2016 NtClose (92, ... ) == 0x0 00974 2016 NtProtectVirtualMemory (-1, (0x77c11000), 632, 4, ... (0x77c11000), 4096, 32, ) == 0x0 00975 2016 NtProtectVirtualMemory (-1, (0x77c11000), 4096, 32, ... (0x77c11000), 4096, 4, ) == 0x0 00976 2016 NtFlushInstructionCache (-1, 2009141248, 632, ... ) == 0x0 00977 2016 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00978 2016 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00979 2016 NtFlushInstructionCache (-1, 1907036160, 468, ... ) == 0x0 00980 2016 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00981 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242092, ... ) }, 1242092, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00982 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 1242092, ... 
) }, 1242092, ... ) == 0x0 00983 2016 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 5, 96, ... 92, {status=0x0, info=1}, ) }, 5, 96, ... 92, {status=0x0, info=1}, ) == 0x0 00984 2016 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 92, ... 88, ) == 0x0 00985 2016 NtQuerySection (88, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00986 2016 NtClose (92, ... ) == 0x0 00987 2016 NtMapViewOfSection (88, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0 00988 2016 NtClose (88, ... ) == 0x0 00989 2016 NtProtectVirtualMemory (-1, (0x71aa1000), 352, 4, ... (0x71aa1000), 4096, 32, ) == 0x0 00990 2016 NtProtectVirtualMemory (-1, (0x71aa1000), 4096, 32, ... (0x71aa1000), 4096, 4, ) == 0x0 00991 2016 NtFlushInstructionCache (-1, 1906970624, 352, ... ) == 0x0 00992 2016 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00993 2016 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00994 2016 NtFlushInstructionCache (-1, 1907036160, 468, ... ) == 0x0 00995 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00996 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00997 2016 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 3604480, 65536, ) == 0x0 00998 2016 NtAllocateVirtualMemory (-1, 3604480, 0, 4096, 4096, 4, ... 3604480, 4096, ) == 0x0 00999 2016 NtAllocateVirtualMemory (-1, 3608576, 0, 8192, 4096, 4, ... 
3608576, 8192, ) == 0x0 01000 2016 NtAllocateVirtualMemory (-1, 3616768, 0, 4096, 4096, 4, ... 3616768, 4096, ) == 0x0 01001 2016 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 88, ) }, ... 88, ) == 0x0 01002 2016 NtMapViewOfSection (88, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x380000), 0x0, 12288, ) == 0x0 01003 2016 NtClose (88, ... ) == 0x0 01004 2016 NtAllocateVirtualMemory (-1, 3620864, 0, 4096, 4096, 4, ... 3620864, 4096, ) == 0x0 01005 2016 NtQueryVirtualMemory (-1, 0x77c2807c, Basic, 28, ... {BaseAddress=0x77c28000,AllocationBase=0x77c10000,AllocationProtect=0x80,RegionSize=0x35000,State=0x1000,Protect=0x20,Type=0x1000000,}, 28, ) == 0x0 01006 2016 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 01007 2016 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 01008 2016 NtQueryVirtualMemory (-1, 0x0, Basic, 28, ... {BaseAddress=0x0,AllocationBase=0x0,AllocationProtect=0x0,RegionSize=0x10000,State=0x10000,Protect=0x1,Type=0x0,}, 28, ) == 0x0 01009 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01010 2016 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01011 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 01012 2016 NtQuerySystemInformation (Processor, 12, ... 
{system info, class 1, size 12}, 0x0, ) == 0x0 01013 2016 NtFreeVirtualMemory (-1, (0x360000), 0, 32768, ... (0x360000), 28672, ) == 0x0 01014 2016 NtFreeVirtualMemory (-1, (0x330144), 0, 32768, ... (0x330000), 4096, ) == 0x0 01015 2016 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 01016 2016 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 3342336, 65536, ) == 0x0 01017 2016 NtAllocateVirtualMemory (-1, 3342336, 0, 4096, 4096, 4, ... 3342336, 4096, ) == 0x0 01018 2016 NtAllocateVirtualMemory (-1, 3346432, 0, 20480, 4096, 4, ... 3346432, 20480, ) == 0x0 01019 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 9502720, 1048576, ) == 0x0 01020 2016 NtAllocateVirtualMemory (-1, 9502720, 0, 32768, 4096, 4, ... 9502720, 32768, ) == 0x0 01021 2016 NtCreateMutant (0x1f0001, {24, 16, 0x80, 0, 0, (0x1f0001, {24, 16, 0x80, 0, 0, "Jobaka3"}, 0, ... 88, ) }, 0, ... 88, ) == 0x0 01022 2016 NtOpenKey (0x2000000, {24, 36, 0x40, 0, 0, (0x2000000, {24, 36, 0x40, 0, 0, "System\CurrentControlSet\Services\WinSock2\Parameters"}, ... 92, ) }, ... 92, ) == 0x0 01023 2016 NtQueryValueKey (92, (92, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (92, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 01024 2016 NtQueryValueKey (92, (92, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (92, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 01025 2016 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 
96, ) == 0x0 01026 2016 NtOpenKey (0x2000000, {24, 92, 0x40, 0, 0, (0x2000000, {24, 92, 0x40, 0, 0, "Protocol_Catalog9"}, ... 100, ) }, ... 100, ) == 0x0 01027 2016 NtQueryValueKey (100, (100, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (100, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 01028 2016 NtNotifyChangeKey (100, 96, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 01029 2016 NtQueryValueKey (100, (100, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (100, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 01030 2016 NtOpenKey (0x2000000, {24, 100, 0x40, 0, 0, (0x2000000, {24, 100, 0x40, 0, 0, "0000000D"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01031 2016 NtQueryValueKey (100, (100, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (100, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) }, 16, ) == 0x0 01032 2016 NtQueryValueKey (100, (100, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (100, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) }, 16, ) == 0x0 01033 2016 NtOpenKey (0x2000000, {24, 100, 0x40, 0, 0, (0x2000000, {24, 100, 0x40, 0, 0, "Catalog_Entries"}, ... 104, ) }, ... 104, ) == 0x0 01034 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000001"}, ... 108, ) }, ... 108, ) == 0x0 01035 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01036 2016 NtAllocateVirtualMemory (-1, 1339392, 0, 4096, 4096, 4, ... 
1339392, 4096, ) == 0x0 01037 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01038 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\22\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , 
Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\22\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\22\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\17\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\20\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\21\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\22\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01039 2016 NtClose (108, ... ) == 0x0 01040 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000002"}, ... 108, ) }, ... 108, ) == 0x0 01041 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01042 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01043 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\27\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\27\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\27\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\24\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\25\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\26\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\27\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01044 2016 NtClose (108, ... ) == 0x0 01045 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000003"}, ... 108, ) }, ... 108, ) == 0x0 01046 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01047 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01048 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\34\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\34\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\34\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\31\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\32\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\33\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\34\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01049 2016 NtClose (108, ... ) == 0x0 01050 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000004"}, ... 108, ) }, ... 108, ) == 0x0 01051 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01052 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01053 2016 NtAllocateVirtualMemory (-1, 1343488, 0, 4096, 4096, 4, ... 1343488, 4096, ) == 0x0 01054 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0"\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0"\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0 (108, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0\37\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0 \4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0!\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0"\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) == 0x0 01055 2016 NtClose (108, ... 
) == 0x0 01056 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000005"}, ... 108, ) }, ... 108, ) == 0x0 01057 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01058 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01059 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0'\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0'\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0'\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0$\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0%\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0&\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0'\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01060 2016 NtClose (108, ... ) == 0x0 01061 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000006"}, ... 108, ) }, ... 108, ) == 0x0 01062 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01063 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01064 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0,\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0,\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0,\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0)\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0*\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0+\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0,\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01065 2016 NtClose (108, ... ) == 0x0 01066 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000007"}, ... 108, ) }, ... 
108, ) == 0x0 01067 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01068 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01069 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\01\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\01\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\01\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0.\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0/\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\00\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\01\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01070 2016 NtClose (108, ... ) == 0x0 01071 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000008"}, ... 108, ) }, ... 108, ) == 0x0 01072 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01073 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01074 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\06\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\06\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\06\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\03\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\04\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\05\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\06\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 01075 2016 NtClose (108, ... ) == 0x0 01076 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000009"}, ... 108, ) }, ... 108, ) == 0x0 01077 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01078 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01079 2016 NtAllocateVirtualMemory (-1, 1347584, 0, 4096, 4096, 4, ... 1347584, 4096, ) == 0x0 01080 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0<\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0<\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0<\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\09\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0:\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0;\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0<\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01081 2016 NtClose (108, ... ) == 0x0 01082 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000010"}, ... 108, ) }, ... 108, ) == 0x0 01083 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01084 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01085 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0A\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0A\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0A\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0>\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0?\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0@\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0A\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 01086 2016 NtClose (108, ... ) == 0x0 01087 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000011"}, ... 108, ) }, ... 108, ) == 0x0 01088 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01089 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01090 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0F\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0F\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0F\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0C\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0D\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0E\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0F\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01091 2016 NtClose (108, ... ) == 0x0 01092 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000012"}, ... 108, ) }, ... 108, ) == 0x0 01093 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01094 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01095 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0K\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0K\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0K\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0H\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0I\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0J\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0K\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 01096 2016 NtClose (108, ... ) == 0x0 01097 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000013"}, ... 108, ) }, ... 108, ) == 0x0 01098 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01099 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01100 2016 NtAllocateVirtualMemory (-1, 1351680, 0, 4096, 4096, 4, ... 1351680, 4096, ) == 0x0 01101 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Q\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Q\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Q\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0N\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0O\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0P\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Q\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01102 2016 NtClose (108, ... ) == 0x0 01103 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000014"}, ... 108, ) }, ... 108, ) == 0x0 01104 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_BUFFER_OVERFLOW 01105 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01106 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0V\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0V\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0V\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0S\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0T\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0U\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0V\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 
900, ) == 0x0 01107 2016 NtClose (108, ... ) == 0x0 01108 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000015"}, ... 108, ) }, ... 108, ) == 0x0 01109 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01110 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01111 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0[\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0[\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0[\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0X\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0Y\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0[\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01112 2016 NtClose (108, ... ) == 0x0 01113 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000016"}, ... 108, ) }, ... 108, ) == 0x0 01114 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01115 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01116 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0`\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0`\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0`\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0]\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0^\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0_\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0`\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 01117 2016 NtClose (108, ... ) == 0x0 01118 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000017"}, ... 108, ) }, ... 108, ) == 0x0 01119 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01120 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01121 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0b\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0c\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01122 2016 NtClose (108, ... ) == 0x0 01123 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000018"}, ... 108, ) }, ... 108, ) == 0x0 01124 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01125 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01126 2016 NtAllocateVirtualMemory (-1, 1355776, 0, 4096, 4096, 4, ... 1355776, 4096, ) == 0x0 01127 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0k\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0k\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0k\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0h\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0i\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0j\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0k\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01128 2016 NtClose (108, ... ) == 0x0 01129 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000019"}, ... 108, ) }, ... 108, ) == 0x0 01130 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01131 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01132 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0p\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0p\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0p\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0m\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0n\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0o\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0p\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 01133 2016 NtClose (108, ... ) == 0x0 01134 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000020"}, ... 108, ) }, ... 108, ) == 0x0 01135 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01136 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01137 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0u\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0u\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0u\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0r\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0s\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0t\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0u\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 01138 2016 NtClose (108, ... ) == 0x0 01139 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000021"}, ... 108, ) }, ... 108, ) == 0x0 01140 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01141 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01142 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0 (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0w\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0h\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\240j\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0x\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0l\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\4\0\0\200\3\0\0\340\7\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0l\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
}, 900, ) == 0x0 01143 2016 NtClose (108, ... ) == 0x0 01144 2016 NtOpenKey (0x20019, {24, 104, 0x40, 0, 0, (0x20019, {24, 104, 0x40, 0, 0, "000000000022"}, ... 108, ) }, ... 108, ) == 0x0 01145 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01146 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 01147 2016 NtAllocateVirtualMemory (-1, 1359872, 0, 4096, 4096, 4, ... 1359872, 4096, ) == 0x0 01148 2016 NtQueryValueKey (108, (108, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0h\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0h\0\0\0\201\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0\\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0X@\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (108, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0h\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0h\0\0\0\201\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0\\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0X@\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0l\0\0\0}\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0h\0\0\0~\4\0\0\200\3\0\0\340\7\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\177\4\0\0\200\3\0\0\340\7\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\200\4\0\0\200\3\0\0\340\7\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0h\0\0\0\201\4\0\0\200\3\0\0\340\7\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0\\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0X@\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) == 0x0 01149 2016 NtClose (108, ... ) == 0x0 01150 2016 NtClose (104, ... ) == 0x0 01151 2016 NtWaitForSingleObject (96, 0, {0, 0}, ... ) == 0x102 01152 2016 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 104, ) == 0x0 01153 2016 NtOpenKey (0x2000000, {24, 92, 0x40, 0, 0, (0x2000000, {24, 92, 0x40, 0, 0, "NameSpace_Catalog5"}, ... 108, ) }, ... 108, ) == 0x0 01154 2016 NtQueryValueKey (108, (108, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (108, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 01155 2016 NtNotifyChangeKey (108, 104, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 01156 2016 NtQueryValueKey (108, (108, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (108, "Serial_Access_Num", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 01157 2016 NtOpenKey (0x2000000, {24, 108, 0x40, 0, 0, (0x2000000, {24, 108, 0x40, 0, 0, "00000005"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01158 2016 NtQueryValueKey (108, (108, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (108, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0 01159 2016 NtOpenKey (0x2000000, {24, 108, 0x40, 0, 0, (0x2000000, {24, 108, 0x40, 0, 0, "Catalog_Entries"}, ... 112, ) }, ... 112, ) == 0x0 01160 2016 NtOpenKey (0x20019, {24, 112, 0x40, 0, 0, (0x20019, {24, 112, 0x40, 0, 0, "000000000001"}, ... 116, ) }, ... 116, ) == 0x0 01161 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 01162 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 01163 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 01164 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 01165 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 01166 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 01167 2016 NtQueryValueKey (116, (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) \236~\317\21\256Z\0\252\0\247\21+"}, 28, ) == 0x0 01168 2016 NtQueryValueKey (116, (116, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01169 2016 NtQueryValueKey (116, (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) }, 16, ) == 0x0 01170 2016 NtQueryValueKey (116, (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Enabled", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 01171 2016 NtQueryValueKey (116, (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01172 2016 NtQueryValueKey (116, (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01173 2016 NtClose (116, ... ) == 0x0 01174 2016 NtOpenKey (0x20019, {24, 112, 0x40, 0, 0, (0x20019, {24, 112, 0x40, 0, 0, "000000000002"}, ... 116, ) }, ... 116, ) == 0x0 01175 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 01176 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 01177 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 01178 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 01179 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 01180 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 01181 2016 NtQueryValueKey (116, (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) }, 28, ) == 0x0 01182 2016 NtQueryValueKey (116, (116, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01183 2016 NtQueryValueKey (116, (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) }, 16, ) == 0x0 01184 2016 NtQueryValueKey (116, (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 01185 2016 NtQueryValueKey (116, (116, "Version", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01186 2016 NtQueryValueKey (116, (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01187 2016 NtClose (116, ... ) == 0x0 01188 2016 NtOpenKey (0x20019, {24, 112, 0x40, 0, 0, (0x20019, {24, 112, 0x40, 0, 0, "000000000003"}, ... 116, ) }, ... 116, ) == 0x0 01189 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 01190 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 01191 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 01192 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 01193 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 01194 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 01195 2016 NtQueryValueKey (116, (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (116, "ProviderId", Partial, 144, ... 
TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) }, 28, ) == 0x0 01196 2016 NtQueryValueKey (116, (116, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01197 2016 NtQueryValueKey (116, (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) }, 16, ) == 0x0 01198 2016 NtQueryValueKey (116, (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 01199 2016 NtQueryValueKey (116, (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01200 2016 NtQueryValueKey (116, (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01201 2016 NtClose (116, ... ) == 0x0 01202 2016 NtOpenKey (0x20019, {24, 112, 0x40, 0, 0, (0x20019, {24, 112, 0x40, 0, 0, "000000000004"}, ... 116, ) }, ... 116, ) == 0x0 01203 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 01204 2016 NtQueryValueKey (116, (116, "LibraryPath", Partial, 144, ... 
TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 01205 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 01206 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 01207 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 01208 2016 NtQueryValueKey (116, (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (116, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 01209 2016 NtQueryValueKey (116, (116, "ProviderId", Partial, 144, ... 
TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (116, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) }, 28, ) == 0x0 01210 2016 NtQueryValueKey (116, (116, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01211 2016 NtQueryValueKey (116, (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 01212 2016 NtQueryValueKey (116, (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 01213 2016 NtQueryValueKey (116, (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01214 2016 NtQueryValueKey (116, (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (116, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01215 2016 NtClose (116, ... ) == 0x0 01216 2016 NtClose (112, ... ) == 0x0 01217 2016 NtWaitForSingleObject (104, 0, {0, 0}, ... ) == 0x102 01218 2016 NtClose (92, ... ) == 0x0 01219 2016 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 01220 2016 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 01221 2016 NtOpenKey (0x1, {24, 36, 0x40, 0, 0, (0x1, {24, 36, 0x40, 0, 0, "System\CurrentControlSet\Services\Winsock2\Parameters"}, ... 92, ) }, ... 92, ) == 0x0 01222 2016 NtQueryValueKey (92, (92, "Ws2_32NumHandleBuckets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01223 2016 NtClose (92, ... ) == 0x0 01224 2016 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 92, ) == 0x0 01225 2016 NtAllocateVirtualMemory (-1, 1363968, 0, 4096, 4096, 4, ... 1363968, 4096, ) == 0x0 01226 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\U:\WORK\PACKED.EXE"}, 1241400, ... ) }, 1241400, ... ) == 0x0 01227 2016 NtOpenFile (0x100100, {24, 0, 0x40, 0, 0, (0x100100, {24, 0, 0x40, 0, 0, "\??\U:\WORK\PACKED.EXE"}, 7, 2113568, ... 112, {status=0x0, info=1}, ) }, 7, 2113568, ... 112, {status=0x0, info=1}, ) == 0x0 01228 2016 NtSetInformationFile (112, 1241376, 40, Basic, ... ) == STATUS_ACCESS_DENIED 01229 2016 NtClose (112, ... ) == 0x0 01230 2016 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1241648, (0x80100080, {24, 0, 0x40, 0, 1241648, "\??\u:\work\packed.exe"}, 0x0, 0, 1, 1, 2097252, 0, 0, ... 112, {status=0x0, info=1}, ) }, 0x0, 0, 1, 1, 2097252, 0, 0, ... 112, {status=0x0, info=1}, ) == 0x0 01231 2016 NtQueryInformationFile (112, 1242084, 8, AttributeFlag, ... {status=0x0, info=8}, ) == 0x0 01232 2016 NtQueryInformationFile (112, 1242000, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 01233 2016 NtQueryInformationFile (112, 1241816, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 01234 2016 NtAllocateVirtualMemory (-1, 1368064, 0, 8192, 4096, 4, ... 
1368064, 8192, ) == 0x0 01235 2016 NtQueryInformationFile (112, 1364040, 4094, Stream, ... {status=0x0, info=38}, ) == 0x0 01236 2016 NtQueryInformationFile (112, 1240264, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 01237 2016 NtQueryInformationFile (112, 1240540, 4, Ea, ... {status=0x0, info=4}, ) == 0x0 01238 2016 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\AVSERVE2.EXE"}, 1239736, ... ) }, 1239736, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01239 2016 NtCreateFile (0x40110080, {24, 0, 0x40, 0, 1240416, (0x40110080, {24, 0, 0x40, 0, 1240416, "\??\C:\WINDOWS\avserve2.exe"}, 0x0, 32, 0, 5, 100, 0, 0, ... }, 0x0, 32, 0, 5, 100, 0, 0, ... 01240 2016 NtClose (-2147481628, ... ) == 0x0 01239 2016 NtCreateFile ... 116, {status=0x0, info=2}, ) == 0x0 01241 2016 NtQueryVolumeInformationFile (116, 1240568, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 01242 2016 NtQueryInformationFile (116, 1240152, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 01243 2016 NtQueryVolumeInformationFile (112, 1240568, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 01244 2016 NtSetInformationFile (116, 1240468, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 01245 2016 NtCreateSection (0xf001f, 0x0, 0x0, 2, 134217728, 112, ... 120, ) == 0x0 01246 2016 NtMapViewOfSection (120, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x360000), {0, 0}, 28672, ) == 0x0 01247 2016 NtClose (120, ... 
) == 0x0 01248 2016 NtWriteFile (116, 0, 0, 0, (116, 0, 0, 0, "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0y\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\320\0\0\0\16\37\272\16\0\264\11\315!\270\1L\315!This program cannot be run in DOS mode.\15\15\12$\0\0\0\0\0\0\0\324%^\221\220D0\302\220D0\302\220D0\302x[:\302\212D0\302\23X>\302\233D0\302\220D1\302\331D0\302\362[#\302\231D0\302x[;\302\224D0\302(B6\302\221D0\302Rich\220D0\302\0\0\0\0\0\0\0\0PE\0\0L\1\2\0d\347\223@\0\0\0\0\0\0\0\0\340\0\17\1\13\1\6\0\0>\0\0\0"\0\0\0\0\0\0>(\0\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\20\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0`\0\0\340.rsr", 25600, 0x0, 0, ... {status=0x0, info=25600}, ) \0\0\0\0\0\0>(\0\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\20\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0`\0\0\340.rsr", 25600, 0x0, 0, ... {status=0x0, info=25600}, ) == 0x0 01249 2016 NtUnmapViewOfSection (-1, 0x360000, ... ) == 0x0 01250 2016 NtSetInformationFile (116, 1241816, 40, Basic, ... {status=0x0, info=0}, ) == 0x0 01251 2016 NtClose (112, ... ) == 0x0 01252 2016 NtClose (116, ... 
) == 0x0 01253 2016 NtOpenKey (0x2000000, {24, 36, 0x40, 0, 0, (0x2000000, {24, 36, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}, ... 116, ) }, ... 116, ) == 0x0 01254 2016 NtSetValueKey (116, (116, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 0, 1, (116, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 48, ... 01255 2016 NtSetInformationFile (-2147482448, -142137552, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 01256 2016 NtSetInformationFile (-2147482448, -142137644, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 01257 2016 NtSetInformationFile (-2147482448, -142137952, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 01258 2016 NtSetInformationFile (-2147482448, -142138048, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 01254 2016 NtSetValueKey ... ) == 0x0 01259 2016 NtClose (116, ... ) == 0x0 01260 2016 NtCreateMutant (0x1f0001, {24, 16, 0x80, 0, 0, (0x1f0001, {24, 16, 0x80, 0, 0, "JumpallsNlsTillt"}, 0, ... 116, ) }, 0, ... 116, ) == 0x0 01261 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 10551296, 1048576, ) == 0x0 01262 2016 NtAllocateVirtualMemory (-1, 11591680, 0, 8192, 4096, 4, ... 11591680, 8192, ) == 0x0 01263 2016 NtProtectVirtualMemory (-1, (0xb0e000), 4096, 260, ... (0xb0e000), 4096, 4, ) == 0x0 01264 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 112, {896, 1716}, ) == 0x0 01265 2016 NtQueryInformationThread (112, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffde000,Pid=896,Tid=1716,}, 0x0, ) == 0x0 01266 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\200\3\0\0\264\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81882, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\200\3\0\0\264\6\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 81882, 0} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\200\3\0\0\264\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81882, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\200\3\0\0\264\6\0\0" ) ) == 0x0 01267 2016 NtResumeThread (112, ... 1, ) == 0x0 01268 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 11599872, 1048576, ) == 0x0 01269 2016 NtAllocateVirtualMemory (-1, 12640256, 0, 8192, 4096, 4, ... 12640256, 8192, ) == 0x0 01270 2016 NtProtectVirtualMemory (-1, (0xc0e000), 4096, 260, ... 01271 1716 NtTestAlert (... ) == 0x0 01272 1716 NtContinue (11599152, 1, ... 01273 1716 NtRegisterThreadTerminatePort (24, ... ) == 0x0 01274 1716 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 120, ) == 0x0 01275 1716 NtWaitForSingleObject (96, 0, {0, 0}, ... ) == 0x102 01276 1716 NtAllocateVirtualMemory (-1, 11587584, 0, 4096, 4096, 260, ... 01270 2016 NtProtectVirtualMemory ... (0xc0e000), 4096, 4, ) == 0x0 01277 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 124, {896, 1440}, ) == 0x0 01278 2016 NtQueryInformationThread (124, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=896,Tid=1440,}, 0x0, ) == 0x0 01279 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81882, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81882, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\200\3\0\0\240\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81883, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\200\3\0\0\240\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81883, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81882, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\200\3\0\0\240\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81883, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\200\3\0\0\240\5\0\0" ) ) == 0x0 01280 2016 NtResumeThread (124, ... 1, ) == 0x0 01281 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 12648448, 1048576, ) == 0x0 01276 1716 NtAllocateVirtualMemory ... 
11587584, 4096, ) == 0x0 01282 1440 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01283 1716 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11596276, ... }, 11596276, ... 01282 1440 NtCreateEvent ... 128, ) == 0x0 01283 1716 NtQueryAttributesFile ... ) == 0x0 01284 1440 NtWaitForSingleObject (128, 0, 0x0, ... 01285 1716 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 132, {status=0x0, info=1}, ) }, 5, 96, ... 132, {status=0x0, info=1}, ) == 0x0 01286 1716 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 132, ... 136, ) == 0x0 01287 1716 NtClose (132, ... ) == 0x0 01288 1716 NtMapViewOfSection (136, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x390000), 0x0, 245760, ) == 0x0 01289 1716 NtClose (136, ... 01290 2016 NtAllocateVirtualMemory (-1, 13688832, 0, 8192, 4096, 4, ... 13688832, 8192, ) == 0x0 01291 2016 NtProtectVirtualMemory (-1, (0xd0e000), 4096, 260, ... (0xd0e000), 4096, 4, ) == 0x0 01292 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 132, {896, 1664}, ) == 0x0 01293 2016 NtQueryInformationThread (132, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdc000,Pid=896,Tid=1664,}, 0x0, ) == 0x0 01294 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81883, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81883, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\200\3\0\0\200\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81884, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\200\3\0\0\200\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81884, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81883, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\200\3\0\0\200\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81884, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\200\3\0\0\200\6\0\0" ) ) == 0x0 01295 2016 NtResumeThread (132, ... 01289 1716 NtClose ... ) == 0x0 01295 2016 NtResumeThread ... 
1, ) == 0x0 01296 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 13697024, 1048576, ) == 0x0 01297 2016 NtAllocateVirtualMemory (-1, 14737408, 0, 8192, 4096, 4, ... 14737408, 8192, ) == 0x0 01298 2016 NtProtectVirtualMemory (-1, (0xe0e000), 4096, 260, ... 01299 1664 NtWaitForSingleObject (128, 0, 0x0, ... 01298 2016 NtProtectVirtualMemory ... (0xe0e000), 4096, 4, ) == 0x0 01300 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 136, {896, 1972}, ) == 0x0 01301 2016 NtQueryInformationThread (136, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdb000,Pid=896,Tid=1972,}, 0x0, ) == 0x0 01302 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81884, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81884, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\200\3\0\0\264\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81885, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\200\3\0\0\264\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81885, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81884, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\200\3\0\0\264\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81885, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\200\3\0\0\264\7\0\0" ) ) == 0x0 01303 2016 NtResumeThread (136, ... 1, ) == 0x0 01304 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 14745600, 1048576, ) == 0x0 01305 1972 NtWaitForSingleObject (128, 0, 0x0, ... 01306 2016 NtAllocateVirtualMemory (-1, 15785984, 0, 8192, 4096, 4, ... 15785984, 8192, ) == 0x0 01307 2016 NtProtectVirtualMemory (-1, (0xf0e000), 4096, 260, ... (0xf0e000), 4096, 4, ) == 0x0 01308 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 140, {896, 1036}, ) == 0x0 01309 2016 NtQueryInformationThread (140, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd9000,Pid=896,Tid=1036,}, 0x0, ) == 0x0 01310 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81885, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81885, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\200\3\0\0\14\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81886, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\200\3\0\0\14\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81886, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81885, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\200\3\0\0\14\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81886, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\200\3\0\0\14\4\0\0" ) ) == 0x0 01311 2016 NtResumeThread (140, ... 1, ) == 0x0 01312 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 15794176, 1048576, ) == 0x0 01313 2016 NtAllocateVirtualMemory (-1, 16834560, 0, 8192, 4096, 4, ... 16834560, 8192, ) == 0x0 01314 2016 NtProtectVirtualMemory (-1, (0x100e000), 4096, 260, ... 01315 1036 NtWaitForSingleObject (128, 0, 0x0, ... 01314 2016 NtProtectVirtualMemory ... (0x100e000), 4096, 4, ) == 0x0 01316 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 144, {896, 1248}, ) == 0x0 01317 2016 NtQueryInformationThread (144, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd8000,Pid=896,Tid=1248,}, 0x0, ) == 0x0 01318 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81886, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81886, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\200\3\0\0\340\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81887, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\200\3\0\0\340\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81887, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81886, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\200\3\0\0\340\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81887, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\200\3\0\0\340\4\0\0" ) ) == 0x0 01319 2016 NtResumeThread (144, ... 1, ) == 0x0 01320 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 16842752, 1048576, ) == 0x0 01321 1248 NtWaitForSingleObject (128, 0, 0x0, ... 01322 2016 NtAllocateVirtualMemory (-1, 17883136, 0, 8192, 4096, 4, ... 17883136, 8192, ) == 0x0 01323 2016 NtProtectVirtualMemory (-1, (0x110e000), 4096, 260, ... 
(0x110e000), 4096, 4, ) == 0x0 01324 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 148, {896, 1656}, ) == 0x0 01325 2016 NtQueryInformationThread (148, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd7000,Pid=896,Tid=1656,}, 0x0, ) == 0x0 01326 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81887, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81887, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\200\3\0\0x\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81888, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\200\3\0\0x\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81888, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81887, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\200\3\0\0x\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81888, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\200\3\0\0x\6\0\0" ) ) == 0x0 01327 2016 NtResumeThread (148, ... 1, ) == 0x0 01328 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 17891328, 1048576, ) == 0x0 01329 2016 NtAllocateVirtualMemory (-1, 18931712, 0, 8192, 4096, 4, ... 18931712, 8192, ) == 0x0 01330 2016 NtProtectVirtualMemory (-1, (0x120e000), 4096, 260, ... 01331 1656 NtWaitForSingleObject (128, 0, 0x0, ... 01330 2016 NtProtectVirtualMemory ... (0x120e000), 4096, 4, ) == 0x0 01332 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 152, {896, 760}, ) == 0x0 01333 2016 NtQueryInformationThread (152, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd6000,Pid=896,Tid=760,}, 0x0, ) == 0x0 01334 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81888, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81888, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\200\3\0\0\370\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81889, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\200\3\0\0\370\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81889, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81888, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\200\3\0\0\370\2\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81889, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\200\3\0\0\370\2\0\0" ) ) == 0x0 01335 2016 NtResumeThread (152, ... 1, ) == 0x0 01336 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 18939904, 1048576, ) == 0x0 01337 760 NtWaitForSingleObject (128, 0, 0x0, ... 01338 2016 NtAllocateVirtualMemory (-1, 19980288, 0, 8192, 4096, 4, ... 19980288, 8192, ) == 0x0 01339 2016 NtProtectVirtualMemory (-1, (0x130e000), 4096, 260, ... (0x130e000), 4096, 4, ) == 0x0 01340 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 156, {896, 484}, ) == 0x0 01341 2016 NtQueryInformationThread (156, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd5000,Pid=896,Tid=484,}, 0x0, ) == 0x0 01342 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81889, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81889, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\200\3\0\0\344\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81890, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\200\3\0\0\344\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81890, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81889, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\200\3\0\0\344\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81890, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\200\3\0\0\344\1\0\0" ) ) == 0x0 01343 2016 NtResumeThread (156, ... 1, ) == 0x0 01344 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 19988480, 1048576, ) == 0x0 01345 2016 NtAllocateVirtualMemory (-1, 21028864, 0, 8192, 4096, 4, ... 21028864, 8192, ) == 0x0 01346 2016 NtProtectVirtualMemory (-1, (0x140e000), 4096, 260, ... 01347 484 NtWaitForSingleObject (128, 0, 0x0, ... 01346 2016 NtProtectVirtualMemory ... (0x140e000), 4096, 4, ) == 0x0 01348 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 160, {896, 1580}, ) == 0x0 01349 2016 NtQueryInformationThread (160, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffd4000,Pid=896,Tid=1580,}, 0x0, ) == 0x0 01350 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81890, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81890, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\200\3\0\0,\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81891, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\200\3\0\0,\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81891, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81890, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\200\3\0\0,\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81891, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\200\3\0\0,\6\0\0" ) ) == 0x0 01351 2016 NtResumeThread (160, ... 1, ) == 0x0 01352 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 21037056, 1048576, ) == 0x0 01353 1580 NtWaitForSingleObject (128, 0, 0x0, ... 01354 2016 NtAllocateVirtualMemory (-1, 22077440, 0, 8192, 4096, 4, ... 22077440, 8192, ) == 0x0 01355 2016 NtProtectVirtualMemory (-1, (0x150e000), 4096, 260, ... (0x150e000), 4096, 4, ) == 0x0 01356 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 164, {896, 1756}, ) == 0x0 01357 2016 NtQueryInformationThread (164, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaf000,Pid=896,Tid=1756,}, 0x0, ) == 0x0 01358 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81891, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81891, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\200\3\0\0\334\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81892, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\200\3\0\0\334\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81892, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81891, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\200\3\0\0\334\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81892, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\200\3\0\0\334\6\0\0" ) ) == 0x0 01359 2016 NtResumeThread (164, ... 1, ) == 0x0 01360 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
22085632, 1048576, ) == 0x0 01361 2016 NtAllocateVirtualMemory (-1, 23126016, 0, 8192, 4096, 4, ... 23126016, 8192, ) == 0x0 01362 1756 NtWaitForSingleObject (128, 0, 0x0, ... 01363 2016 NtProtectVirtualMemory (-1, (0x160e000), 4096, 260, ... (0x160e000), 4096, 4, ) == 0x0 01364 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 168, {896, 1304}, ) == 0x0 01365 2016 NtQueryInformationThread (168, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffae000,Pid=896,Tid=1304,}, 0x0, ) == 0x0 01366 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81892, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81892, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\200\3\0\0\30\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81893, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\200\3\0\0\30\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81893, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81892, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\200\3\0\0\30\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81893, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\200\3\0\0\30\5\0\0" ) ) == 0x0 01367 2016 NtResumeThread (168, ... 1, ) == 0x0 01368 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01369 1304 NtWaitForSingleObject (128, 0, 0x0, ... 01368 2016 NtAllocateVirtualMemory ... 23134208, 1048576, ) == 0x0 01370 2016 NtAllocateVirtualMemory (-1, 24174592, 0, 8192, 4096, 4, ... 24174592, 8192, ) == 0x0 01371 2016 NtProtectVirtualMemory (-1, (0x170e000), 4096, 260, ... (0x170e000), 4096, 4, ) == 0x0 01372 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 172, {896, 1292}, ) == 0x0 01373 2016 NtQueryInformationThread (172, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffad000,Pid=896,Tid=1292,}, 0x0, ) == 0x0 01374 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81893, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81893, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\200\3\0\0\14\5\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81894, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\200\3\0\0\14\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81894, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81893, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\200\3\0\0\14\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81894, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\200\3\0\0\14\5\0\0" ) ) == 0x0 01375 2016 NtResumeThread (172, ... 1, ) == 0x0 01376 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 24182784, 1048576, ) == 0x0 01377 2016 NtAllocateVirtualMemory (-1, 25223168, 0, 8192, 4096, 4, ... 25223168, 8192, ) == 0x0 01378 1292 NtWaitForSingleObject (128, 0, 0x0, ... 01379 2016 NtProtectVirtualMemory (-1, (0x180e000), 4096, 260, ... (0x180e000), 4096, 4, ) == 0x0 01380 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 176, {896, 540}, ) == 0x0 01381 2016 NtQueryInformationThread (176, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffac000,Pid=896,Tid=540,}, 0x0, ) == 0x0 01382 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81894, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81894, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\200\3\0\0\34\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81895, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\200\3\0\0\34\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81895, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81894, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\200\3\0\0\34\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81895, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\200\3\0\0\34\2\0\0" ) ) == 0x0 01383 2016 NtResumeThread (176, ... 1, ) == 0x0 01384 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01385 540 NtWaitForSingleObject (128, 0, 0x0, ... 01384 2016 NtAllocateVirtualMemory ... 25231360, 1048576, ) == 0x0 01386 2016 NtAllocateVirtualMemory (-1, 26271744, 0, 8192, 4096, 4, ... 26271744, 8192, ) == 0x0 01387 2016 NtProtectVirtualMemory (-1, (0x190e000), 4096, 260, ... 
(0x190e000), 4096, 4, ) == 0x0 01388 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 180, {896, 1956}, ) == 0x0 01389 2016 NtQueryInformationThread (180, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffab000,Pid=896,Tid=1956,}, 0x0, ) == 0x0 01390 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81895, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81895, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\200\3\0\0\244\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81896, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\200\3\0\0\244\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81896, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81895, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\200\3\0\0\244\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81896, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\200\3\0\0\244\7\0\0" ) ) == 0x0 01391 2016 NtResumeThread (180, ... 1, ) == 0x0 01392 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 26279936, 1048576, ) == 0x0 01393 2016 NtAllocateVirtualMemory (-1, 27320320, 0, 8192, 4096, 4, ... 27320320, 8192, ) == 0x0 01394 1956 NtWaitForSingleObject (128, 0, 0x0, ... 01395 2016 NtProtectVirtualMemory (-1, (0x1a0e000), 4096, 260, ... (0x1a0e000), 4096, 4, ) == 0x0 01396 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 184, {896, 1980}, ) == 0x0 01397 2016 NtQueryInformationThread (184, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaa000,Pid=896,Tid=1980,}, 0x0, ) == 0x0 01398 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81896, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81896, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\200\3\0\0\274\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81897, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\200\3\0\0\274\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81897, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81896, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\200\3\0\0\274\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81897, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\200\3\0\0\274\7\0\0" ) ) == 0x0 01399 2016 NtResumeThread (184, ... 1, ) == 0x0 01400 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01401 1980 NtWaitForSingleObject (128, 0, 0x0, ... 01400 2016 NtAllocateVirtualMemory ... 27328512, 1048576, ) == 0x0 01402 2016 NtAllocateVirtualMemory (-1, 28368896, 0, 8192, 4096, 4, ... 28368896, 8192, ) == 0x0 01403 2016 NtProtectVirtualMemory (-1, (0x1b0e000), 4096, 260, ... (0x1b0e000), 4096, 4, ) == 0x0 01404 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 188, {896, 1556}, ) == 0x0 01405 2016 NtQueryInformationThread (188, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa9000,Pid=896,Tid=1556,}, 0x0, ) == 0x0 01406 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81897, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81897, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\200\3\0\0\24\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81898, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\200\3\0\0\24\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81898, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81897, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\200\3\0\0\24\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81898, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\200\3\0\0\24\6\0\0" ) ) == 0x0 01407 2016 NtResumeThread (188, ... 1, ) == 0x0 01408 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 28377088, 1048576, ) == 0x0 01409 2016 NtAllocateVirtualMemory (-1, 29417472, 0, 8192, 4096, 4, ... 29417472, 8192, ) == 0x0 01410 1556 NtWaitForSingleObject (128, 0, 0x0, ... 01411 2016 NtProtectVirtualMemory (-1, (0x1c0e000), 4096, 260, ... (0x1c0e000), 4096, 4, ) == 0x0 01412 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 192, {896, 1480}, ) == 0x0 01413 2016 NtQueryInformationThread (192, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa8000,Pid=896,Tid=1480,}, 0x0, ) == 0x0 01414 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81898, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81898, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\200\3\0\0\310\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81899, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\200\3\0\0\310\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81899, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81898, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\200\3\0\0\310\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81899, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\200\3\0\0\310\5\0\0" ) ) == 0x0 01415 2016 NtResumeThread (192, ... 1, ) == 0x0 01416 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01417 1480 NtWaitForSingleObject (128, 0, 0x0, ... 01416 2016 NtAllocateVirtualMemory ... 29425664, 1048576, ) == 0x0 01418 2016 NtAllocateVirtualMemory (-1, 30466048, 0, 8192, 4096, 4, ... 30466048, 8192, ) == 0x0 01419 2016 NtProtectVirtualMemory (-1, (0x1d0e000), 4096, 260, ... (0x1d0e000), 4096, 4, ) == 0x0 01420 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 196, {896, 1784}, ) == 0x0 01421 2016 NtQueryInformationThread (196, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa7000,Pid=896,Tid=1784,}, 0x0, ) == 0x0 01422 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81899, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81899, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\200\3\0\0\370\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81900, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\200\3\0\0\370\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81900, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81899, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\200\3\0\0\370\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81900, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\200\3\0\0\370\6\0\0" ) ) == 0x0 01423 2016 NtResumeThread (196, ... 1, ) == 0x0 01424 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
30474240, 1048576, ) == 0x0 01425 2016 NtAllocateVirtualMemory (-1, 31514624, 0, 8192, 4096, 4, ... 31514624, 8192, ) == 0x0 01426 1784 NtWaitForSingleObject (128, 0, 0x0, ... 01427 2016 NtProtectVirtualMemory (-1, (0x1e0e000), 4096, 260, ... (0x1e0e000), 4096, 4, ) == 0x0 01428 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 200, {896, 460}, ) == 0x0 01429 2016 NtQueryInformationThread (200, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9f000,Pid=896,Tid=460,}, 0x0, ) == 0x0 01430 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81900, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81900, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\200\3\0\0\314\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81901, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\200\3\0\0\314\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81901, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81900, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\200\3\0\0\314\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81901, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\200\3\0\0\314\1\0\0" ) ) == 0x0 01431 2016 NtResumeThread (200, ... 1, ) == 0x0 01432 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01433 460 NtWaitForSingleObject (128, 0, 0x0, ... 01432 2016 NtAllocateVirtualMemory ... 31522816, 1048576, ) == 0x0 01434 2016 NtAllocateVirtualMemory (-1, 32563200, 0, 8192, 4096, 4, ... 32563200, 8192, ) == 0x0 01435 2016 NtProtectVirtualMemory (-1, (0x1f0e000), 4096, 260, ... (0x1f0e000), 4096, 4, ) == 0x0 01436 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 204, {896, 1068}, ) == 0x0 01437 2016 NtQueryInformationThread (204, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9e000,Pid=896,Tid=1068,}, 0x0, ) == 0x0 01438 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81901, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81901, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\200\3\0\0,\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81902, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\200\3\0\0,\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81902, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81901, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\200\3\0\0,\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81902, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\200\3\0\0,\4\0\0" ) ) == 0x0 01439 2016 NtResumeThread (204, ... 1, ) == 0x0 01440 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 32571392, 1048576, ) == 0x0 01441 2016 NtAllocateVirtualMemory (-1, 33611776, 0, 8192, 4096, 4, ... 33611776, 8192, ) == 0x0 01442 1068 NtWaitForSingleObject (128, 0, 0x0, ... 01443 2016 NtProtectVirtualMemory (-1, (0x200e000), 4096, 260, ... (0x200e000), 4096, 4, ) == 0x0 01444 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 208, {896, 1856}, ) == 0x0 01445 2016 NtQueryInformationThread (208, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9d000,Pid=896,Tid=1856,}, 0x0, ) == 0x0 01446 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81902, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81902, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\200\3\0\0@\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81903, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\200\3\0\0@\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81903, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81902, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\200\3\0\0@\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81903, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\200\3\0\0@\7\0\0" ) ) == 0x0 01447 2016 NtResumeThread (208, ... 1, ) == 0x0 01448 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 33619968, 1048576, ) == 0x0 01449 2016 NtAllocateVirtualMemory (-1, 34660352, 0, 8192, 4096, 4, ... 34660352, 8192, ) == 0x0 01450 1856 NtWaitForSingleObject (128, 0, 0x0, ... 01451 2016 NtProtectVirtualMemory (-1, (0x210e000), 4096, 260, ... (0x210e000), 4096, 4, ) == 0x0 01452 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
212, {896, 1572}, ) == 0x0 01453 2016 NtQueryInformationThread (212, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9c000,Pid=896,Tid=1572,}, 0x0, ) == 0x0 01454 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81903, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81903, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\200\3\0\0$\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81904, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\200\3\0\0$\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81904, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81903, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\200\3\0\0$\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81904, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\200\3\0\0$\6\0\0" ) ) == 0x0 01455 2016 NtResumeThread (212, ... 1, ) == 0x0 01456 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01457 1572 NtWaitForSingleObject (128, 0, 0x0, ... 01456 2016 NtAllocateVirtualMemory ... 34668544, 1048576, ) == 0x0 01458 2016 NtAllocateVirtualMemory (-1, 35708928, 0, 8192, 4096, 4, ... 35708928, 8192, ) == 0x0 01459 2016 NtProtectVirtualMemory (-1, (0x220e000), 4096, 260, ... (0x220e000), 4096, 4, ) == 0x0 01460 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 216, {896, 1604}, ) == 0x0 01461 2016 NtQueryInformationThread (216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9b000,Pid=896,Tid=1604,}, 0x0, ) == 0x0 01462 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81904, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81904, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\200\3\0\0D\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81905, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\200\3\0\0D\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81905, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81904, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\200\3\0\0D\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81905, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\200\3\0\0D\6\0\0" ) ) == 0x0 01463 2016 NtResumeThread (216, ... 
1, ) == 0x0 01464 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 35717120, 1048576, ) == 0x0 01465 2016 NtAllocateVirtualMemory (-1, 36757504, 0, 8192, 4096, 4, ... 36757504, 8192, ) == 0x0 01466 1604 NtWaitForSingleObject (128, 0, 0x0, ... 01467 2016 NtProtectVirtualMemory (-1, (0x230e000), 4096, 260, ... (0x230e000), 4096, 4, ) == 0x0 01468 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 220, {896, 1596}, ) == 0x0 01469 2016 NtQueryInformationThread (220, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9a000,Pid=896,Tid=1596,}, 0x0, ) == 0x0 01470 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81905, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81905, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\200\3\0\0<\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81906, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\200\3\0\0<\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81906, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81905, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\200\3\0\0<\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81906, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\200\3\0\0<\6\0\0" ) ) == 0x0 01471 2016 NtResumeThread (220, ... 1, ) == 0x0 01472 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 36765696, 1048576, ) == 0x0 01473 2016 NtAllocateVirtualMemory (-1, 37806080, 0, 8192, 4096, 4, ... 37806080, 8192, ) == 0x0 01474 1596 NtWaitForSingleObject (128, 0, 0x0, ... 01475 2016 NtProtectVirtualMemory (-1, (0x240e000), 4096, 260, ... (0x240e000), 4096, 4, ) == 0x0 01476 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 224, {896, 1272}, ) == 0x0 01477 2016 NtQueryInformationThread (224, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff99000,Pid=896,Tid=1272,}, 0x0, ) == 0x0 01478 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81906, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81906, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\200\3\0\0\370\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81907, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\200\3\0\0\370\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81907, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81906, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\200\3\0\0\370\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81907, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\200\3\0\0\370\4\0\0" ) ) == 0x0 01479 2016 NtResumeThread (224, ... 1, ) == 0x0 01480 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01481 1272 NtWaitForSingleObject (128, 0, 0x0, ... 01480 2016 NtAllocateVirtualMemory ... 37814272, 1048576, ) == 0x0 01482 2016 NtAllocateVirtualMemory (-1, 38854656, 0, 8192, 4096, 4, ... 38854656, 8192, ) == 0x0 01483 2016 NtProtectVirtualMemory (-1, (0x250e000), 4096, 260, ... (0x250e000), 4096, 4, ) == 0x0 01484 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 228, {896, 1132}, ) == 0x0 01485 2016 NtQueryInformationThread (228, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff98000,Pid=896,Tid=1132,}, 0x0, ) == 0x0 01486 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81907, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81907, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\200\3\0\0l\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81908, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\200\3\0\0l\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81908, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81907, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\200\3\0\0l\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81908, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\200\3\0\0l\4\0\0" ) ) == 0x0 01487 2016 NtResumeThread (228, ... 1, ) == 0x0 01488 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 38862848, 1048576, ) == 0x0 01489 2016 NtAllocateVirtualMemory (-1, 39903232, 0, 8192, 4096, 4, ... 39903232, 8192, ) == 0x0 01490 1132 NtWaitForSingleObject (128, 0, 0x0, ... 01491 2016 NtProtectVirtualMemory (-1, (0x260e000), 4096, 260, ... 
(0x260e000), 4096, 4, ) == 0x0 01492 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 232, {896, 948}, ) == 0x0 01493 2016 NtQueryInformationThread (232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff97000,Pid=896,Tid=948,}, 0x0, ) == 0x0 01494 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81908, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81908, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\200\3\0\0\264\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81909, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\200\3\0\0\264\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81909, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81908, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\200\3\0\0\264\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81909, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\200\3\0\0\264\3\0\0" ) ) == 0x0 01495 2016 NtResumeThread (232, ... 1, ) == 0x0 01496 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01497 948 NtWaitForSingleObject (128, 0, 0x0, ... 01496 2016 NtAllocateVirtualMemory ... 39911424, 1048576, ) == 0x0 01498 2016 NtAllocateVirtualMemory (-1, 40951808, 0, 8192, 4096, 4, ... 40951808, 8192, ) == 0x0 01499 2016 NtProtectVirtualMemory (-1, (0x270e000), 4096, 260, ... (0x270e000), 4096, 4, ) == 0x0 01500 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 236, {896, 1064}, ) == 0x0 01501 2016 NtQueryInformationThread (236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff96000,Pid=896,Tid=1064,}, 0x0, ) == 0x0 01502 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81909, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81909, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\200\3\0\0(\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81910, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\200\3\0\0(\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81910, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81909, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\200\3\0\0(\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81910, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\200\3\0\0(\4\0\0" ) ) == 0x0 01503 2016 NtResumeThread (236, ... 1, ) == 0x0 01504 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 40960000, 1048576, ) == 0x0 01505 2016 NtAllocateVirtualMemory (-1, 42000384, 0, 8192, 4096, 4, ... 42000384, 8192, ) == 0x0 01506 2016 NtProtectVirtualMemory (-1, (0x280e000), 4096, 260, ... 01507 1064 NtWaitForSingleObject (128, 0, 0x0, ... 01506 2016 NtProtectVirtualMemory ... (0x280e000), 4096, 4, ) == 0x0 01508 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 240, {896, 184}, ) == 0x0 01509 2016 NtQueryInformationThread (240, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff95000,Pid=896,Tid=184,}, 0x0, ) == 0x0 01510 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81910, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81910, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\200\3\0\0\270\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81911, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\200\3\0\0\270\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81911, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81910, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\200\3\0\0\270\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81911, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\200\3\0\0\270\0\0\0" ) ) == 0x0 01511 2016 NtResumeThread (240, ... 1, ) == 0x0 01512 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 42008576, 1048576, ) == 0x0 01513 184 NtWaitForSingleObject (128, 0, 0x0, ... 01514 2016 NtAllocateVirtualMemory (-1, 43048960, 0, 8192, 4096, 4, ... 43048960, 8192, ) == 0x0 01515 2016 NtProtectVirtualMemory (-1, (0x290e000), 4096, 260, ... (0x290e000), 4096, 4, ) == 0x0 01516 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 244, {896, 284}, ) == 0x0 01517 2016 NtQueryInformationThread (244, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff94000,Pid=896,Tid=284,}, 0x0, ) == 0x0 01518 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81911, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81911, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\200\3\0\0\34\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81912, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\200\3\0\0\34\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81912, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81911, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\200\3\0\0\34\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81912, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\200\3\0\0\34\1\0\0" ) ) == 0x0 01519 2016 NtResumeThread (244, ... 1, ) == 0x0 01520 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 43057152, 1048576, ) == 0x0 01521 2016 NtAllocateVirtualMemory (-1, 44097536, 0, 8192, 4096, 4, ... 44097536, 8192, ) == 0x0 01522 2016 NtProtectVirtualMemory (-1, (0x2a0e000), 4096, 260, ... 01523 284 NtWaitForSingleObject (128, 0, 0x0, ... 01522 2016 NtProtectVirtualMemory ... (0x2a0e000), 4096, 4, ) == 0x0 01524 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 248, {896, 188}, ) == 0x0 01525 2016 NtQueryInformationThread (248, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff93000,Pid=896,Tid=188,}, 0x0, ) == 0x0 01526 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81912, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81912, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\200\3\0\0\274\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81913, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\200\3\0\0\274\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81913, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81912, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\200\3\0\0\274\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81913, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\200\3\0\0\274\0\0\0" ) ) == 0x0 01527 2016 NtResumeThread (248, ... 1, ) == 0x0 01528 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
44105728, 1048576, ) == 0x0 01529 188 NtWaitForSingleObject (128, 0, 0x0, ... 01530 2016 NtAllocateVirtualMemory (-1, 45146112, 0, 8192, 4096, 4, ... 45146112, 8192, ) == 0x0 01531 2016 NtProtectVirtualMemory (-1, (0x2b0e000), 4096, 260, ... (0x2b0e000), 4096, 4, ) == 0x0 01532 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 252, {896, 1384}, ) == 0x0 01533 2016 NtQueryInformationThread (252, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff92000,Pid=896,Tid=1384,}, 0x0, ) == 0x0 01534 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81913, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81913, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\200\3\0\0h\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81914, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\200\3\0\0h\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81914, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81913, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\200\3\0\0h\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81914, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\200\3\0\0h\5\0\0" ) ) == 0x0 01535 2016 NtResumeThread (252, ... 1, ) == 0x0 01536 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 45154304, 1048576, ) == 0x0 01537 2016 NtAllocateVirtualMemory (-1, 46194688, 0, 8192, 4096, 4, ... 46194688, 8192, ) == 0x0 01538 2016 NtProtectVirtualMemory (-1, (0x2c0e000), 4096, 260, ... 01539 1384 NtWaitForSingleObject (128, 0, 0x0, ... 01538 2016 NtProtectVirtualMemory ... (0x2c0e000), 4096, 4, ) == 0x0 01540 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 256, {896, 1240}, ) == 0x0 01541 2016 NtQueryInformationThread (256, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff91000,Pid=896,Tid=1240,}, 0x0, ) == 0x0 01542 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81914, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81914, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\200\3\0\0\330\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81915, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\200\3\0\0\330\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81915, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81914, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\200\3\0\0\330\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81915, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\200\3\0\0\330\4\0\0" ) ) == 0x0 01543 2016 NtResumeThread (256, ... 1, ) == 0x0 01544 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 46202880, 1048576, ) == 0x0 01545 1240 NtWaitForSingleObject (128, 0, 0x0, ... 01546 2016 NtAllocateVirtualMemory (-1, 47243264, 0, 8192, 4096, 4, ... 47243264, 8192, ) == 0x0 01547 2016 NtProtectVirtualMemory (-1, (0x2d0e000), 4096, 260, ... (0x2d0e000), 4096, 4, ) == 0x0 01548 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 260, {896, 296}, ) == 0x0 01549 2016 NtQueryInformationThread (260, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff90000,Pid=896,Tid=296,}, 0x0, ) == 0x0 01550 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81915, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81915, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\200\3\0\0(\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81916, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\200\3\0\0(\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81916, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81915, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\200\3\0\0(\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81916, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\200\3\0\0(\1\0\0" ) ) == 0x0 01551 2016 NtResumeThread (260, ... 1, ) == 0x0 01552 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 47251456, 1048576, ) == 0x0 01553 2016 NtAllocateVirtualMemory (-1, 48291840, 0, 8192, 4096, 4, ... 48291840, 8192, ) == 0x0 01554 296 NtWaitForSingleObject (128, 0, 0x0, ... 01555 2016 NtProtectVirtualMemory (-1, (0x2e0e000), 4096, 260, ... (0x2e0e000), 4096, 4, ) == 0x0 01556 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
264, {896, 740}, ) == 0x0 01557 2016 NtQueryInformationThread (264, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8f000,Pid=896,Tid=740,}, 0x0, ) == 0x0 01558 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81916, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81916, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\200\3\0\0\344\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81917, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\200\3\0\0\344\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81917, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81916, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\200\3\0\0\344\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81917, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\200\3\0\0\344\2\0\0" ) ) == 0x0 01559 2016 NtResumeThread (264, ... 1, ) == 0x0 01560 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01561 740 NtWaitForSingleObject (128, 0, 0x0, ... 01560 2016 NtAllocateVirtualMemory ... 48300032, 1048576, ) == 0x0 01562 2016 NtAllocateVirtualMemory (-1, 49340416, 0, 8192, 4096, 4, ... 49340416, 8192, ) == 0x0 01563 2016 NtProtectVirtualMemory (-1, (0x2f0e000), 4096, 260, ... (0x2f0e000), 4096, 4, ) == 0x0 01564 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 268, {896, 120}, ) == 0x0 01565 2016 NtQueryInformationThread (268, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8e000,Pid=896,Tid=120,}, 0x0, ) == 0x0 01566 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81917, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81917, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\200\3\0\0x\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81918, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\200\3\0\0x\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81918, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81917, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\200\3\0\0x\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81918, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\200\3\0\0x\0\0\0" ) ) == 0x0 01567 2016 NtResumeThread (268, ... 
1, ) == 0x0 01568 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 49348608, 1048576, ) == 0x0 01569 2016 NtAllocateVirtualMemory (-1, 50388992, 0, 8192, 4096, 4, ... 50388992, 8192, ) == 0x0 01570 120 NtWaitForSingleObject (128, 0, 0x0, ... 01571 2016 NtProtectVirtualMemory (-1, (0x300e000), 4096, 260, ... (0x300e000), 4096, 4, ) == 0x0 01572 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 272, {896, 1356}, ) == 0x0 01573 2016 NtQueryInformationThread (272, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8d000,Pid=896,Tid=1356,}, 0x0, ) == 0x0 01574 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81918, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81918, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\200\3\0\0L\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81919, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\200\3\0\0L\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81919, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81918, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\200\3\0\0L\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81919, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\200\3\0\0L\5\0\0" ) ) == 0x0 01575 2016 NtResumeThread (272, ... 1, ) == 0x0 01576 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01577 1356 NtWaitForSingleObject (128, 0, 0x0, ... 01576 2016 NtAllocateVirtualMemory ... 50397184, 1048576, ) == 0x0 01578 2016 NtAllocateVirtualMemory (-1, 51437568, 0, 8192, 4096, 4, ... 51437568, 8192, ) == 0x0 01579 2016 NtProtectVirtualMemory (-1, (0x310e000), 4096, 260, ... (0x310e000), 4096, 4, ) == 0x0 01580 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 276, {896, 1796}, ) == 0x0 01581 2016 NtQueryInformationThread (276, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8c000,Pid=896,Tid=1796,}, 0x0, ) == 0x0 01582 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81919, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81919, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\200\3\0\0\4\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81920, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\200\3\0\0\4\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81920, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81919, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\200\3\0\0\4\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81920, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\200\3\0\0\4\7\0\0" ) ) == 0x0 01583 2016 NtResumeThread (276, ... 1, ) == 0x0 01584 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 51445760, 1048576, ) == 0x0 01585 2016 NtAllocateVirtualMemory (-1, 52486144, 0, 8192, 4096, 4, ... 52486144, 8192, ) == 0x0 01586 1796 NtWaitForSingleObject (128, 0, 0x0, ... 01587 2016 NtProtectVirtualMemory (-1, (0x320e000), 4096, 260, ... (0x320e000), 4096, 4, ) == 0x0 01588 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 280, {896, 712}, ) == 0x0 01589 2016 NtQueryInformationThread (280, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8b000,Pid=896,Tid=712,}, 0x0, ) == 0x0 01590 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81920, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81920, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\200\3\0\0\310\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81921, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\200\3\0\0\310\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81921, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81920, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\200\3\0\0\310\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81921, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\200\3\0\0\310\2\0\0" ) ) == 0x0 01591 2016 NtResumeThread (280, ... 1, ) == 0x0 01592 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01593 712 NtWaitForSingleObject (128, 0, 0x0, ... 01592 2016 NtAllocateVirtualMemory ... 52494336, 1048576, ) == 0x0 01594 2016 NtAllocateVirtualMemory (-1, 53534720, 0, 8192, 4096, 4, ... 53534720, 8192, ) == 0x0 01595 2016 NtProtectVirtualMemory (-1, (0x330e000), 4096, 260, ... 
(0x330e000), 4096, 4, ) == 0x0 01596 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 284, {896, 1728}, ) == 0x0 01597 2016 NtQueryInformationThread (284, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8a000,Pid=896,Tid=1728,}, 0x0, ) == 0x0 01598 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81921, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81921, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\200\3\0\0\300\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81922, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\200\3\0\0\300\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81922, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81921, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\200\3\0\0\300\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81922, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\200\3\0\0\300\6\0\0" ) ) == 0x0 01599 2016 NtResumeThread (284, ... 1, ) == 0x0 01600 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 53542912, 1048576, ) == 0x0 01601 2016 NtAllocateVirtualMemory (-1, 54583296, 0, 8192, 4096, 4, ... 54583296, 8192, ) == 0x0 01602 1728 NtWaitForSingleObject (128, 0, 0x0, ... 01603 2016 NtProtectVirtualMemory (-1, (0x340e000), 4096, 260, ... (0x340e000), 4096, 4, ) == 0x0 01604 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 288, {896, 152}, ) == 0x0 01605 2016 NtQueryInformationThread (288, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff89000,Pid=896,Tid=152,}, 0x0, ) == 0x0 01606 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81922, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81922, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\200\3\0\0\230\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81923, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\200\3\0\0\230\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81923, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81922, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\200\3\0\0\230\0\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81923, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\200\3\0\0\230\0\0\0" ) ) == 0x0 01607 2016 NtResumeThread (288, ... 1, ) == 0x0 01608 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01609 152 NtWaitForSingleObject (128, 0, 0x0, ... 01608 2016 NtAllocateVirtualMemory ... 54591488, 1048576, ) == 0x0 01610 2016 NtAllocateVirtualMemory (-1, 55631872, 0, 8192, 4096, 4, ... 55631872, 8192, ) == 0x0 01611 2016 NtProtectVirtualMemory (-1, (0x350e000), 4096, 260, ... (0x350e000), 4096, 4, ) == 0x0 01612 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 292, {896, 212}, ) == 0x0 01613 2016 NtQueryInformationThread (292, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff88000,Pid=896,Tid=212,}, 0x0, ) == 0x0 01614 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81923, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81923, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\200\3\0\0\324\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81924, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\200\3\0\0\324\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81924, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81923, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\200\3\0\0\324\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81924, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\200\3\0\0\324\0\0\0" ) ) == 0x0 01615 2016 NtResumeThread (292, ... 1, ) == 0x0 01616 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 55640064, 1048576, ) == 0x0 01617 2016 NtAllocateVirtualMemory (-1, 56680448, 0, 8192, 4096, 4, ... 56680448, 8192, ) == 0x0 01618 212 NtWaitForSingleObject (128, 0, 0x0, ... 01619 2016 NtProtectVirtualMemory (-1, (0x360e000), 4096, 260, ... (0x360e000), 4096, 4, ) == 0x0 01620 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 296, {896, 180}, ) == 0x0 01621 2016 NtQueryInformationThread (296, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff87000,Pid=896,Tid=180,}, 0x0, ) == 0x0 01622 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81924, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81924, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\200\3\0\0\264\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81925, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\200\3\0\0\264\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81925, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81924, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\200\3\0\0\264\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81925, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\200\3\0\0\264\0\0\0" ) ) == 0x0 01623 2016 NtResumeThread (296, ... 1, ) == 0x0 01624 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01625 180 NtWaitForSingleObject (128, 0, 0x0, ... 01624 2016 NtAllocateVirtualMemory ... 56688640, 1048576, ) == 0x0 01626 2016 NtAllocateVirtualMemory (-1, 57729024, 0, 8192, 4096, 4, ... 57729024, 8192, ) == 0x0 01627 2016 NtProtectVirtualMemory (-1, (0x370e000), 4096, 260, ... (0x370e000), 4096, 4, ) == 0x0 01628 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 300, {896, 1256}, ) == 0x0 01629 2016 NtQueryInformationThread (300, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff86000,Pid=896,Tid=1256,}, 0x0, ) == 0x0 01630 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81925, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81925, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\200\3\0\0\350\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81926, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\200\3\0\0\350\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81926, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81925, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\200\3\0\0\350\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81926, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\200\3\0\0\350\4\0\0" ) ) == 0x0 01631 2016 NtResumeThread (300, ... 1, ) == 0x0 01632 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01633 1256 NtWaitForSingleObject (128, 0, 0x0, ... 01632 2016 NtAllocateVirtualMemory ... 57737216, 1048576, ) == 0x0 01634 2016 NtAllocateVirtualMemory (-1, 58777600, 0, 8192, 4096, 4, ... 58777600, 8192, ) == 0x0 01635 2016 NtProtectVirtualMemory (-1, (0x380e000), 4096, 260, ... (0x380e000), 4096, 4, ) == 0x0 01636 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 304, {896, 1904}, ) == 0x0 01637 2016 NtQueryInformationThread (304, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff85000,Pid=896,Tid=1904,}, 0x0, ) == 0x0 01638 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81926, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81926, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\200\3\0\0p\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81927, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\200\3\0\0p\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81927, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81926, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\200\3\0\0p\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81927, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\200\3\0\0p\7\0\0" ) ) == 0x0 01639 2016 NtResumeThread (304, ... 1, ) == 0x0 01640 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 58785792, 1048576, ) == 0x0 01641 2016 NtAllocateVirtualMemory (-1, 59826176, 0, 8192, 4096, 4, ... 59826176, 8192, ) == 0x0 01642 1904 NtWaitForSingleObject (128, 0, 0x0, ... 01643 2016 NtProtectVirtualMemory (-1, (0x390e000), 4096, 260, ... (0x390e000), 4096, 4, ) == 0x0 01644 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 308, {896, 464}, ) == 0x0 01645 2016 NtQueryInformationThread (308, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff84000,Pid=896,Tid=464,}, 0x0, ) == 0x0 01646 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81927, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81927, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\200\3\0\0\320\1\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81928, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\200\3\0\0\320\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81928, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81927, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\200\3\0\0\320\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81928, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\200\3\0\0\320\1\0\0" ) ) == 0x0 01647 2016 NtResumeThread (308, ... 1, ) == 0x0 01648 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 59834368, 1048576, ) == 0x0 01649 2016 NtAllocateVirtualMemory (-1, 60874752, 0, 8192, 4096, 4, ... 60874752, 8192, ) == 0x0 01650 464 NtWaitForSingleObject (128, 0, 0x0, ... 01651 2016 NtProtectVirtualMemory (-1, (0x3a0e000), 4096, 260, ... (0x3a0e000), 4096, 4, ) == 0x0 01652 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 312, {896, 1536}, ) == 0x0 01653 2016 NtQueryInformationThread (312, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff83000,Pid=896,Tid=1536,}, 0x0, ) == 0x0 01654 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81928, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81928, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\200\3\0\0\0\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81929, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\200\3\0\0\0\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81929, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81928, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\200\3\0\0\0\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81929, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\200\3\0\0\0\6\0\0" ) ) == 0x0 01655 2016 NtResumeThread (312, ... 1, ) == 0x0 01656 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01657 1536 NtWaitForSingleObject (128, 0, 0x0, ... 01656 2016 NtAllocateVirtualMemory ... 60882944, 1048576, ) == 0x0 01658 2016 NtAllocateVirtualMemory (-1, 61923328, 0, 8192, 4096, 4, ... 61923328, 8192, ) == 0x0 01659 2016 NtProtectVirtualMemory (-1, (0x3b0e000), 4096, 260, ... 
(0x3b0e000), 4096, 4, ) == 0x0 01660 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 316, {896, 444}, ) == 0x0 01661 2016 NtQueryInformationThread (316, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff82000,Pid=896,Tid=444,}, 0x0, ) == 0x0 01662 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81929, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81929, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\200\3\0\0\274\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81930, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\200\3\0\0\274\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81930, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81929, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\200\3\0\0\274\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81930, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\200\3\0\0\274\1\0\0" ) ) == 0x0 01663 2016 NtResumeThread (316, ... 1, ) == 0x0 01664 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 61931520, 1048576, ) == 0x0 01665 2016 NtAllocateVirtualMemory (-1, 62971904, 0, 8192, 4096, 4, ... 62971904, 8192, ) == 0x0 01666 444 NtWaitForSingleObject (128, 0, 0x0, ... 01667 2016 NtProtectVirtualMemory (-1, (0x3c0e000), 4096, 260, ... (0x3c0e000), 4096, 4, ) == 0x0 01668 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 320, {896, 1936}, ) == 0x0 01669 2016 NtQueryInformationThread (320, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff81000,Pid=896,Tid=1936,}, 0x0, ) == 0x0 01670 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81930, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81930, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\200\3\0\0\220\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81931, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\200\3\0\0\220\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81931, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81930, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\200\3\0\0\220\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81931, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\200\3\0\0\220\7\0\0" ) ) == 0x0 01671 2016 NtResumeThread (320, ... 1, ) == 0x0 01672 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01673 1936 NtWaitForSingleObject (128, 0, 0x0, ... 01672 2016 NtAllocateVirtualMemory ... 62980096, 1048576, ) == 0x0 01674 2016 NtAllocateVirtualMemory (-1, 64020480, 0, 8192, 4096, 4, ... 64020480, 8192, ) == 0x0 01675 2016 NtProtectVirtualMemory (-1, (0x3d0e000), 4096, 260, ... (0x3d0e000), 4096, 4, ) == 0x0 01676 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 324, {896, 1648}, ) == 0x0 01677 2016 NtQueryInformationThread (324, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff80000,Pid=896,Tid=1648,}, 0x0, ) == 0x0 01678 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81931, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81931, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\200\3\0\0p\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81932, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\200\3\0\0p\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81932, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81931, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\200\3\0\0p\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81932, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\200\3\0\0p\6\0\0" ) ) == 0x0 01679 2016 NtResumeThread (324, ... 1, ) == 0x0 01680 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01681 1648 NtWaitForSingleObject (128, 0, 0x0, ... 01680 2016 NtAllocateVirtualMemory ... 64028672, 1048576, ) == 0x0 01682 2016 NtAllocateVirtualMemory (-1, 65069056, 0, 8192, 4096, 4, ... 65069056, 8192, ) == 0x0 01683 2016 NtProtectVirtualMemory (-1, (0x3e0e000), 4096, 260, ... (0x3e0e000), 4096, 4, ) == 0x0 01684 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 328, {896, 276}, ) == 0x0 01685 2016 NtQueryInformationThread (328, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff7f000,Pid=896,Tid=276,}, 0x0, ) == 0x0 01686 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81932, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81932, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\200\3\0\0\24\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81933, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\200\3\0\0\24\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81933, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81932, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\200\3\0\0\24\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81933, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\200\3\0\0\24\1\0\0" ) ) == 0x0 01687 2016 NtResumeThread (328, ... 1, ) == 0x0 01688 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 65077248, 1048576, ) == 0x0 01689 2016 NtAllocateVirtualMemory (-1, 66117632, 0, 8192, 4096, 4, ... 66117632, 8192, ) == 0x0 01690 276 NtWaitForSingleObject (128, 0, 0x0, ... 01691 2016 NtProtectVirtualMemory (-1, (0x3f0e000), 4096, 260, ... (0x3f0e000), 4096, 4, ) == 0x0 01692 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 332, {896, 968}, ) == 0x0 01693 2016 NtQueryInformationThread (332, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7e000,Pid=896,Tid=968,}, 0x0, ) == 0x0 01694 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81933, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81933, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\200\3\0\0\310\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81934, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\200\3\0\0\310\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81934, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81933, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\200\3\0\0\310\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81934, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\200\3\0\0\310\3\0\0" ) ) == 0x0 01695 2016 NtResumeThread (332, ... 1, ) == 0x0 01696 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01697 968 NtWaitForSingleObject (128, 0, 0x0, ... 
01696 2016 NtAllocateVirtualMemory ... 66125824, 1048576, ) == 0x0 01698 2016 NtAllocateVirtualMemory (-1, 67166208, 0, 8192, 4096, 4, ... 67166208, 8192, ) == 0x0 01699 2016 NtProtectVirtualMemory (-1, (0x400e000), 4096, 260, ... (0x400e000), 4096, 4, ) == 0x0 01700 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 336, {896, 1688}, ) == 0x0 01701 2016 NtQueryInformationThread (336, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7d000,Pid=896,Tid=1688,}, 0x0, ) == 0x0 01702 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81934, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81934, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\200\3\0\0\230\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81935, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\200\3\0\0\230\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81935, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81934, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\200\3\0\0\230\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81935, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\200\3\0\0\230\6\0\0" ) ) == 0x0 01703 2016 NtResumeThread (336, ... 1, ) == 0x0 01704 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 67174400, 1048576, ) == 0x0 01705 2016 NtAllocateVirtualMemory (-1, 68214784, 0, 8192, 4096, 4, ... 68214784, 8192, ) == 0x0 01706 1688 NtWaitForSingleObject (128, 0, 0x0, ... 01707 2016 NtProtectVirtualMemory (-1, (0x410e000), 4096, 260, ... (0x410e000), 4096, 4, ) == 0x0 01708 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 340, {896, 308}, ) == 0x0 01709 2016 NtQueryInformationThread (340, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7c000,Pid=896,Tid=308,}, 0x0, ) == 0x0 01710 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81935, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81935, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\200\3\0\04\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81936, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\200\3\0\04\1\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 81936, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81935, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\200\3\0\04\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81936, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\200\3\0\04\1\0\0" ) ) == 0x0 01711 2016 NtResumeThread (340, ... 1, ) == 0x0 01712 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01713 308 NtWaitForSingleObject (128, 0, 0x0, ... 01712 2016 NtAllocateVirtualMemory ... 68222976, 1048576, ) == 0x0 01714 2016 NtAllocateVirtualMemory (-1, 69263360, 0, 8192, 4096, 4, ... 69263360, 8192, ) == 0x0 01715 2016 NtProtectVirtualMemory (-1, (0x420e000), 4096, 260, ... (0x420e000), 4096, 4, ) == 0x0 01716 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 344, {896, 1584}, ) == 0x0 01717 2016 NtQueryInformationThread (344, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7b000,Pid=896,Tid=1584,}, 0x0, ) == 0x0 01718 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81936, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81936, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\200\3\0\00\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81937, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\200\3\0\00\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81937, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81936, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\200\3\0\00\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81937, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\200\3\0\00\6\0\0" ) ) == 0x0 01719 2016 NtResumeThread (344, ... 1, ) == 0x0 01720 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01721 1584 NtWaitForSingleObject (128, 0, 0x0, ... 01720 2016 NtAllocateVirtualMemory ... 69271552, 1048576, ) == 0x0 01722 2016 NtAllocateVirtualMemory (-1, 70311936, 0, 8192, 4096, 4, ... 70311936, 8192, ) == 0x0 01723 2016 NtProtectVirtualMemory (-1, (0x430e000), 4096, 260, ... (0x430e000), 4096, 4, ) == 0x0 01724 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
348, {896, 1496}, ) == 0x0 01725 2016 NtQueryInformationThread (348, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7a000,Pid=896,Tid=1496,}, 0x0, ) == 0x0 01726 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81937, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81937, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\200\3\0\0\330\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81938, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\200\3\0\0\330\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81938, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81937, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\200\3\0\0\330\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81938, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\200\3\0\0\330\5\0\0" ) ) == 0x0 01727 2016 NtResumeThread (348, ... 1, ) == 0x0 01728 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 70320128, 1048576, ) == 0x0 01729 2016 NtAllocateVirtualMemory (-1, 71360512, 0, 8192, 4096, 4, ... 71360512, 8192, ) == 0x0 01730 1496 NtWaitForSingleObject (128, 0, 0x0, ... 01731 2016 NtProtectVirtualMemory (-1, (0x440e000), 4096, 260, ... (0x440e000), 4096, 4, ) == 0x0 01732 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 352, {896, 1944}, ) == 0x0 01733 2016 NtQueryInformationThread (352, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff79000,Pid=896,Tid=1944,}, 0x0, ) == 0x0 01734 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81938, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81938, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\200\3\0\0\230\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81939, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\200\3\0\0\230\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81939, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81938, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\200\3\0\0\230\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81939, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\200\3\0\0\230\7\0\0" ) ) == 0x0 01735 2016 NtResumeThread (352, ... 
1, ) == 0x0 01736 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01737 1944 NtWaitForSingleObject (128, 0, 0x0, ... 01736 2016 NtAllocateVirtualMemory ... 71368704, 1048576, ) == 0x0 01738 2016 NtAllocateVirtualMemory (-1, 72409088, 0, 8192, 4096, 4, ... 72409088, 8192, ) == 0x0 01739 2016 NtProtectVirtualMemory (-1, (0x450e000), 4096, 260, ... (0x450e000), 4096, 4, ) == 0x0 01740 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 356, {896, 1896}, ) == 0x0 01741 2016 NtQueryInformationThread (356, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff78000,Pid=896,Tid=1896,}, 0x0, ) == 0x0 01742 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81939, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81939, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\200\3\0\0h\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81940, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\200\3\0\0h\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81940, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81939, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\200\3\0\0h\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81940, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\200\3\0\0h\7\0\0" ) ) == 0x0 01743 2016 NtResumeThread (356, ... 1, ) == 0x0 01744 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 72417280, 1048576, ) == 0x0 01745 2016 NtAllocateVirtualMemory (-1, 73457664, 0, 8192, 4096, 4, ... 73457664, 8192, ) == 0x0 01746 1896 NtWaitForSingleObject (128, 0, 0x0, ... 01747 2016 NtProtectVirtualMemory (-1, (0x460e000), 4096, 260, ... (0x460e000), 4096, 4, ) == 0x0 01748 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 360, {896, 148}, ) == 0x0 01749 2016 NtQueryInformationThread (360, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff77000,Pid=896,Tid=148,}, 0x0, ) == 0x0 01750 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81940, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81940, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\200\3\0\0\224\0\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81941, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\200\3\0\0\224\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81941, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81940, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\200\3\0\0\224\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81941, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\200\3\0\0\224\0\0\0" ) ) == 0x0 01751 2016 NtResumeThread (360, ... 1, ) == 0x0 01752 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01753 148 NtWaitForSingleObject (128, 0, 0x0, ... 01752 2016 NtAllocateVirtualMemory ... 73465856, 1048576, ) == 0x0 01754 2016 NtAllocateVirtualMemory (-1, 74506240, 0, 8192, 4096, 4, ... 74506240, 8192, ) == 0x0 01755 2016 NtProtectVirtualMemory (-1, (0x470e000), 4096, 260, ... (0x470e000), 4096, 4, ) == 0x0 01756 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 364, {896, 1500}, ) == 0x0 01757 2016 NtQueryInformationThread (364, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff76000,Pid=896,Tid=1500,}, 0x0, ) == 0x0 01758 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81941, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81941, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\200\3\0\0\334\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\200\3\0\0\334\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81942, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81941, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\200\3\0\0\334\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\200\3\0\0\334\5\0\0" ) ) == 0x0 01759 2016 NtResumeThread (364, ... 1, ) == 0x0 01760 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 74514432, 1048576, ) == 0x0 01761 2016 NtAllocateVirtualMemory (-1, 75554816, 0, 8192, 4096, 4, ... 75554816, 8192, ) == 0x0 01762 1500 NtWaitForSingleObject (128, 0, 0x0, ... 01763 2016 NtProtectVirtualMemory (-1, (0x480e000), 4096, 260, ... 
(0x480e000), 4096, 4, ) == 0x0 01764 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 368, {896, 240}, ) == 0x0 01765 2016 NtQueryInformationThread (368, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff75000,Pid=896,Tid=240,}, 0x0, ) == 0x0 01766 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81942, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\200\3\0\0\360\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\200\3\0\0\360\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81943, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\200\3\0\0\360\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\200\3\0\0\360\0\0\0" ) ) == 0x0 01767 2016 NtResumeThread (368, ... 1, ) == 0x0 01768 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01769 240 NtWaitForSingleObject (128, 0, 0x0, ... 01768 2016 NtAllocateVirtualMemory ... 75563008, 1048576, ) == 0x0 01770 2016 NtAllocateVirtualMemory (-1, 76603392, 0, 8192, 4096, 4, ... 76603392, 8192, ) == 0x0 01771 2016 NtProtectVirtualMemory (-1, (0x490e000), 4096, 260, ... (0x490e000), 4096, 4, ) == 0x0 01772 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 372, {896, 2032}, ) == 0x0 01773 2016 NtQueryInformationThread (372, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff74000,Pid=896,Tid=2032,}, 0x0, ) == 0x0 01774 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81943, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\200\3\0\0\360\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\200\3\0\0\360\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81944, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\200\3\0\0\360\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\200\3\0\0\360\7\0\0" ) ) == 0x0 01775 2016 NtResumeThread (372, ... 1, ) == 0x0 01776 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 76611584, 1048576, ) == 0x0 01777 2016 NtAllocateVirtualMemory (-1, 77651968, 0, 8192, 4096, 4, ... 77651968, 8192, ) == 0x0 01778 2032 NtWaitForSingleObject (128, 0, 0x0, ... 01779 2016 NtProtectVirtualMemory (-1, (0x4a0e000), 4096, 260, ... (0x4a0e000), 4096, 4, ) == 0x0 01780 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 376, {896, 1592}, ) == 0x0 01781 2016 NtQueryInformationThread (376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff73000,Pid=896,Tid=1592,}, 0x0, ) == 0x0 01782 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81944, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\200\3\0\08\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\200\3\0\08\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81945, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\200\3\0\08\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\200\3\0\08\6\0\0" ) ) == 0x0 01783 2016 NtResumeThread (376, ... 1, ) == 0x0 01784 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01785 1592 NtWaitForSingleObject (128, 0, 0x0, ... 01784 2016 NtAllocateVirtualMemory ... 77660160, 1048576, ) == 0x0 01786 2016 NtAllocateVirtualMemory (-1, 78700544, 0, 8192, 4096, 4, ... 78700544, 8192, ) == 0x0 01787 2016 NtProtectVirtualMemory (-1, (0x4b0e000), 4096, 260, ... (0x4b0e000), 4096, 4, ) == 0x0 01788 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 380, {896, 496}, ) == 0x0 01789 2016 NtQueryInformationThread (380, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff72000,Pid=896,Tid=496,}, 0x0, ) == 0x0 01790 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81945, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\200\3\0\0\360\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\200\3\0\0\360\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81946, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\200\3\0\0\360\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\200\3\0\0\360\1\0\0" ) ) == 0x0 01791 2016 NtResumeThread (380, ... 1, ) == 0x0 01792 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 78708736, 1048576, ) == 0x0 01793 2016 NtAllocateVirtualMemory (-1, 79749120, 0, 8192, 4096, 4, ... 79749120, 8192, ) == 0x0 01794 496 NtWaitForSingleObject (128, 0, 0x0, ... 01795 2016 NtProtectVirtualMemory (-1, (0x4c0e000), 4096, 260, ... (0x4c0e000), 4096, 4, ) == 0x0 01796 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 384, {896, 476}, ) == 0x0 01797 2016 NtQueryInformationThread (384, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff71000,Pid=896,Tid=476,}, 0x0, ) == 0x0 01798 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81946, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\200\3\0\0\334\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\200\3\0\0\334\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81947, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\200\3\0\0\334\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\200\3\0\0\334\1\0\0" ) ) == 0x0 01799 2016 NtResumeThread (384, ... 1, ) == 0x0 01800 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
79757312, 1048576, ) == 0x0 01801 2016 NtAllocateVirtualMemory (-1, 80797696, 0, 8192, 4096, 4, ... 80797696, 8192, ) == 0x0 01802 476 NtWaitForSingleObject (128, 0, 0x0, ... 01803 2016 NtProtectVirtualMemory (-1, (0x4d0e000), 4096, 260, ... (0x4d0e000), 4096, 4, ) == 0x0 01804 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 388, {896, 1404}, ) == 0x0 01805 2016 NtQueryInformationThread (388, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff70000,Pid=896,Tid=1404,}, 0x0, ) == 0x0 01806 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81947, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\200\3\0\0|\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\200\3\0\0|\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81948, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\200\3\0\0|\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\200\3\0\0|\5\0\0" ) ) == 0x0 01807 2016 NtResumeThread (388, ... 1, ) == 0x0 01808 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01809 1404 NtWaitForSingleObject (128, 0, 0x0, ... 01808 2016 NtAllocateVirtualMemory ... 80805888, 1048576, ) == 0x0 01810 2016 NtAllocateVirtualMemory (-1, 81846272, 0, 8192, 4096, 4, ... 81846272, 8192, ) == 0x0 01811 2016 NtProtectVirtualMemory (-1, (0x4e0e000), 4096, 260, ... (0x4e0e000), 4096, 4, ) == 0x0 01812 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 392, {896, 1744}, ) == 0x0 01813 2016 NtQueryInformationThread (392, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6f000,Pid=896,Tid=1744,}, 0x0, ) == 0x0 01814 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81948, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\200\3\0\0\320\6\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\200\3\0\0\320\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81949, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\200\3\0\0\320\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\200\3\0\0\320\6\0\0" ) ) == 0x0 01815 2016 NtResumeThread (392, ... 1, ) == 0x0 01816 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 81854464, 1048576, ) == 0x0 01817 2016 NtAllocateVirtualMemory (-1, 82894848, 0, 8192, 4096, 4, ... 82894848, 8192, ) == 0x0 01818 1744 NtWaitForSingleObject (128, 0, 0x0, ... 01819 2016 NtProtectVirtualMemory (-1, (0x4f0e000), 4096, 260, ... (0x4f0e000), 4096, 4, ) == 0x0 01820 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 396, {896, 336}, ) == 0x0 01821 2016 NtQueryInformationThread (396, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6e000,Pid=896,Tid=336,}, 0x0, ) == 0x0 01822 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81949, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\200\3\0\0P\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\200\3\0\0P\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81950, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\200\3\0\0P\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\200\3\0\0P\1\0\0" ) ) == 0x0 01823 2016 NtResumeThread (396, ... 1, ) == 0x0 01824 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01825 336 NtWaitForSingleObject (128, 0, 0x0, ... 01824 2016 NtAllocateVirtualMemory ... 82903040, 1048576, ) == 0x0 01826 2016 NtAllocateVirtualMemory (-1, 83943424, 0, 8192, 4096, 4, ... 83943424, 8192, ) == 0x0 01827 2016 NtProtectVirtualMemory (-1, (0x500e000), 4096, 260, ... 
(0x500e000), 4096, 4, ) == 0x0 01828 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 400, {896, 1128}, ) == 0x0 01829 2016 NtQueryInformationThread (400, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6d000,Pid=896,Tid=1128,}, 0x0, ) == 0x0 01830 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81950, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\200\3\0\0h\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\200\3\0\0h\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81951, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\200\3\0\0h\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\200\3\0\0h\4\0\0" ) ) == 0x0 01831 2016 NtResumeThread (400, ... 1, ) == 0x0 01832 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 83951616, 1048576, ) == 0x0 01833 2016 NtAllocateVirtualMemory (-1, 84992000, 0, 8192, 4096, 4, ... 84992000, 8192, ) == 0x0 01834 1128 NtWaitForSingleObject (128, 0, 0x0, ... 01835 2016 NtProtectVirtualMemory (-1, (0x510e000), 4096, 260, ... (0x510e000), 4096, 4, ) == 0x0 01836 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 404, {896, 1924}, ) == 0x0 01837 2016 NtQueryInformationThread (404, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6c000,Pid=896,Tid=1924,}, 0x0, ) == 0x0 01838 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81951, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\200\3\0\0\204\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\200\3\0\0\204\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81952, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\200\3\0\0\204\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\200\3\0\0\204\7\0\0" ) ) == 0x0 01839 2016 NtResumeThread (404, ... 1, ) == 0x0 01840 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01841 1924 NtWaitForSingleObject (128, 0, 0x0, ... 01840 2016 NtAllocateVirtualMemory ... 85000192, 1048576, ) == 0x0 01842 2016 NtAllocateVirtualMemory (-1, 86040576, 0, 8192, 4096, 4, ... 86040576, 8192, ) == 0x0 01843 2016 NtProtectVirtualMemory (-1, (0x520e000), 4096, 260, ... (0x520e000), 4096, 4, ) == 0x0 01844 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 408, {896, 768}, ) == 0x0 01845 2016 NtQueryInformationThread (408, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6b000,Pid=896,Tid=768,}, 0x0, ) == 0x0 01846 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81952, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\200\3\0\0\0\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\200\3\0\0\0\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81953, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\200\3\0\0\0\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\200\3\0\0\0\3\0\0" ) ) == 0x0 01847 2016 NtResumeThread (408, ... 1, ) == 0x0 01848 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01849 768 NtWaitForSingleObject (128, 0, 0x0, ... 01848 2016 NtAllocateVirtualMemory ... 86048768, 1048576, ) == 0x0 01850 2016 NtAllocateVirtualMemory (-1, 87089152, 0, 8192, 4096, 4, ... 87089152, 8192, ) == 0x0 01851 2016 NtProtectVirtualMemory (-1, (0x530e000), 4096, 260, ... (0x530e000), 4096, 4, ) == 0x0 01852 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 412, {896, 2040}, ) == 0x0 01853 2016 NtQueryInformationThread (412, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff6a000,Pid=896,Tid=2040,}, 0x0, ) == 0x0 01854 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81953, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\200\3\0\0\370\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\200\3\0\0\370\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81954, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\200\3\0\0\370\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\200\3\0\0\370\7\0\0" ) ) == 0x0 01855 2016 NtResumeThread (412, ... 1, ) == 0x0 01856 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 87097344, 1048576, ) == 0x0 01857 2016 NtAllocateVirtualMemory (-1, 88137728, 0, 8192, 4096, 4, ... 88137728, 8192, ) == 0x0 01858 2040 NtWaitForSingleObject (128, 0, 0x0, ... 01859 2016 NtProtectVirtualMemory (-1, (0x540e000), 4096, 260, ... (0x540e000), 4096, 4, ) == 0x0 01860 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 416, {896, 216}, ) == 0x0 01861 2016 NtQueryInformationThread (416, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff69000,Pid=896,Tid=216,}, 0x0, ) == 0x0 01862 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81954, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\200\3\0\0\330\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\200\3\0\0\330\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81955, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\200\3\0\0\330\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\200\3\0\0\330\0\0\0" ) ) == 0x0 01863 2016 NtResumeThread (416, ... 1, ) == 0x0 01864 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
88145920, 1048576, ) == 0x0 01865 2016 NtAllocateVirtualMemory (-1, 89186304, 0, 8192, 4096, 4, ... 89186304, 8192, ) == 0x0 01866 216 NtWaitForSingleObject (128, 0, 0x0, ... 01867 2016 NtProtectVirtualMemory (-1, (0x550e000), 4096, 260, ... (0x550e000), 4096, 4, ) == 0x0 01868 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 420, {896, 1524}, ) == 0x0 01869 2016 NtQueryInformationThread (420, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff68000,Pid=896,Tid=1524,}, 0x0, ) == 0x0 01870 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81955, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\200\3\0\0\364\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\200\3\0\0\364\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81956, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\200\3\0\0\364\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\200\3\0\0\364\5\0\0" ) ) == 0x0 01871 2016 NtResumeThread (420, ... 1, ) == 0x0 01872 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01873 1524 NtWaitForSingleObject (128, 0, 0x0, ... 01872 2016 NtAllocateVirtualMemory ... 89194496, 1048576, ) == 0x0 01874 2016 NtAllocateVirtualMemory (-1, 90234880, 0, 8192, 4096, 4, ... 90234880, 8192, ) == 0x0 01875 2016 NtProtectVirtualMemory (-1, (0x560e000), 4096, 260, ... (0x560e000), 4096, 4, ) == 0x0 01876 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 424, {896, 1864}, ) == 0x0 01877 2016 NtQueryInformationThread (424, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff67000,Pid=896,Tid=1864,}, 0x0, ) == 0x0 01878 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81956, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\200\3\0\0H\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\200\3\0\0H\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81957, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\200\3\0\0H\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\200\3\0\0H\7\0\0" ) ) == 0x0 01879 2016 NtResumeThread (424, ... 1, ) == 0x0 01880 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 90243072, 1048576, ) == 0x0 01881 2016 NtAllocateVirtualMemory (-1, 91283456, 0, 8192, 4096, 4, ... 91283456, 8192, ) == 0x0 01882 1864 NtWaitForSingleObject (128, 0, 0x0, ... 01883 2016 NtProtectVirtualMemory (-1, (0x570e000), 4096, 260, ... (0x570e000), 4096, 4, ) == 0x0 01884 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 428, {896, 388}, ) == 0x0 01885 2016 NtQueryInformationThread (428, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff66000,Pid=896,Tid=388,}, 0x0, ) == 0x0 01886 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81957, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\200\3\0\0\204\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\200\3\0\0\204\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81958, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\200\3\0\0\204\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\200\3\0\0\204\1\0\0" ) ) == 0x0 01887 2016 NtResumeThread (428, ... 1, ) == 0x0 01888 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01889 388 NtWaitForSingleObject (128, 0, 0x0, ... 01888 2016 NtAllocateVirtualMemory ... 91291648, 1048576, ) == 0x0 01890 2016 NtAllocateVirtualMemory (-1, 92332032, 0, 8192, 4096, 4, ... 92332032, 8192, ) == 0x0 01891 2016 NtProtectVirtualMemory (-1, (0x580e000), 4096, 260, ... 
(0x580e000), 4096, 4, ) == 0x0 01892 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 432, {896, 1020}, ) == 0x0 01893 2016 NtQueryInformationThread (432, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff65000,Pid=896,Tid=1020,}, 0x0, ) == 0x0 01894 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81958, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\200\3\0\0\374\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\200\3\0\0\374\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81959, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\200\3\0\0\374\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\200\3\0\0\374\3\0\0" ) ) == 0x0 01895 2016 NtResumeThread (432, ... 1, ) == 0x0 01896 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 92340224, 1048576, ) == 0x0 01897 2016 NtAllocateVirtualMemory (-1, 93380608, 0, 8192, 4096, 4, ... 93380608, 8192, ) == 0x0 01898 1020 NtWaitForSingleObject (128, 0, 0x0, ... 01899 2016 NtProtectVirtualMemory (-1, (0x590e000), 4096, 260, ... (0x590e000), 4096, 4, ) == 0x0 01900 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 436, {896, 1804}, ) == 0x0 01901 2016 NtQueryInformationThread (436, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff64000,Pid=896,Tid=1804,}, 0x0, ) == 0x0 01902 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81959, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\200\3\0\0\14\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\200\3\0\0\14\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81960, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\200\3\0\0\14\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\200\3\0\0\14\7\0\0" ) ) == 0x0 01903 2016 NtResumeThread (436, ... 1, ) == 0x0 01904 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01905 1804 NtWaitForSingleObject (128, 0, 0x0, ... 01904 2016 NtAllocateVirtualMemory ... 93388800, 1048576, ) == 0x0 01906 2016 NtAllocateVirtualMemory (-1, 94429184, 0, 8192, 4096, 4, ... 94429184, 8192, ) == 0x0 01907 2016 NtProtectVirtualMemory (-1, (0x5a0e000), 4096, 260, ... (0x5a0e000), 4096, 4, ) == 0x0 01908 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 440, {896, 1644}, ) == 0x0 01909 2016 NtQueryInformationThread (440, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff63000,Pid=896,Tid=1644,}, 0x0, ) == 0x0 01910 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81960, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\200\3\0\0l\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\200\3\0\0l\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81961, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\200\3\0\0l\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\200\3\0\0l\6\0\0" ) ) == 0x0 01911 2016 NtResumeThread (440, ... 1, ) == 0x0 01912 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 94437376, 1048576, ) == 0x0 01913 2016 NtAllocateVirtualMemory (-1, 95477760, 0, 8192, 4096, 4, ... 95477760, 8192, ) == 0x0 01914 1644 NtWaitForSingleObject (128, 0, 0x0, ... 01915 2016 NtProtectVirtualMemory (-1, (0x5b0e000), 4096, 260, ... (0x5b0e000), 4096, 4, ) == 0x0 01916 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 444, {896, 1124}, ) == 0x0 01917 2016 NtQueryInformationThread (444, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff62000,Pid=896,Tid=1124,}, 0x0, ) == 0x0 01918 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81961, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\200\3\0\0d\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\200\3\0\0d\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81962, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\200\3\0\0d\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\200\3\0\0d\4\0\0" ) ) == 0x0 01919 2016 NtResumeThread (444, ... 1, ) == 0x0 01920 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01921 1124 NtWaitForSingleObject (128, 0, 0x0, ... 01920 2016 NtAllocateVirtualMemory ... 95485952, 1048576, ) == 0x0 01922 2016 NtAllocateVirtualMemory (-1, 96526336, 0, 8192, 4096, 4, ... 96526336, 8192, ) == 0x0 01923 2016 NtProtectVirtualMemory (-1, (0x5c0e000), 4096, 260, ... (0x5c0e000), 4096, 4, ) == 0x0 01924 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 448, {896, 776}, ) == 0x0 01925 2016 NtQueryInformationThread (448, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff61000,Pid=896,Tid=776,}, 0x0, ) == 0x0 01926 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81962, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\200\3\0\0\10\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\200\3\0\0\10\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81963, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\200\3\0\0\10\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\200\3\0\0\10\3\0\0" ) ) == 0x0 01927 2016 NtResumeThread (448, ... 1, ) == 0x0 01928 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
96534528, 1048576, ) == 0x0 01929 2016 NtAllocateVirtualMemory (-1, 97574912, 0, 8192, 4096, 4, ... 97574912, 8192, ) == 0x0 01930 776 NtWaitForSingleObject (128, 0, 0x0, ... 01931 2016 NtProtectVirtualMemory (-1, (0x5d0e000), 4096, 260, ... (0x5d0e000), 4096, 4, ) == 0x0 01932 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 452, {896, 1696}, ) == 0x0 01933 2016 NtQueryInformationThread (452, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff60000,Pid=896,Tid=1696,}, 0x0, ) == 0x0 01934 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81963, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\200\3\0\0\240\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\200\3\0\0\240\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81964, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\200\3\0\0\240\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\200\3\0\0\240\6\0\0" ) ) == 0x0 01935 2016 NtResumeThread (452, ... 1, ) == 0x0 01936 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 97583104, 1048576, ) == 0x0 01937 2016 NtAllocateVirtualMemory (-1, 98623488, 0, 8192, 4096, 4, ... 98623488, 8192, ) == 0x0 01938 1696 NtWaitForSingleObject (128, 0, 0x0, ... 01939 2016 NtProtectVirtualMemory (-1, (0x5e0e000), 4096, 260, ... (0x5e0e000), 4096, 4, ) == 0x0 01940 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 456, {896, 1920}, ) == 0x0 01941 2016 NtQueryInformationThread (456, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5f000,Pid=896,Tid=1920,}, 0x0, ) == 0x0 01942 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81964, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\200\3\0\0\200\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\200\3\0\0\200\7\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 81965, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\200\3\0\0\200\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\200\3\0\0\200\7\0\0" ) ) == 0x0 01943 2016 NtResumeThread (456, ... 1, ) == 0x0 01944 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01945 1920 NtWaitForSingleObject (128, 0, 0x0, ... 01944 2016 NtAllocateVirtualMemory ... 98631680, 1048576, ) == 0x0 01946 2016 NtAllocateVirtualMemory (-1, 99672064, 0, 8192, 4096, 4, ... 99672064, 8192, ) == 0x0 01947 2016 NtProtectVirtualMemory (-1, (0x5f0e000), 4096, 260, ... (0x5f0e000), 4096, 4, ) == 0x0 01948 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 460, {896, 1200}, ) == 0x0 01949 2016 NtQueryInformationThread (460, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5e000,Pid=896,Tid=1200,}, 0x0, ) == 0x0 01950 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81965, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\200\3\0\0\260\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\200\3\0\0\260\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81966, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\200\3\0\0\260\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\200\3\0\0\260\4\0\0" ) ) == 0x0 01951 2016 NtResumeThread (460, ... 1, ) == 0x0 01952 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 99680256, 1048576, ) == 0x0 01953 2016 NtAllocateVirtualMemory (-1, 100720640, 0, 8192, 4096, 4, ... 100720640, 8192, ) == 0x0 01954 1200 NtWaitForSingleObject (128, 0, 0x0, ... 01955 2016 NtProtectVirtualMemory (-1, (0x600e000), 4096, 260, ... (0x600e000), 4096, 4, ) == 0x0 01956 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
464, {896, 1396}, ) == 0x0 01957 2016 NtQueryInformationThread (464, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5d000,Pid=896,Tid=1396,}, 0x0, ) == 0x0 01958 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81966, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\200\3\0\0t\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\200\3\0\0t\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81967, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\200\3\0\0t\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\200\3\0\0t\5\0\0" ) ) == 0x0 01959 2016 NtResumeThread (464, ... 1, ) == 0x0 01960 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01961 1396 NtWaitForSingleObject (128, 0, 0x0, ... 01960 2016 NtAllocateVirtualMemory ... 100728832, 1048576, ) == 0x0 01962 2016 NtAllocateVirtualMemory (-1, 101769216, 0, 8192, 4096, 4, ... 101769216, 8192, ) == 0x0 01963 2016 NtProtectVirtualMemory (-1, (0x610e000), 4096, 260, ... (0x610e000), 4096, 4, ) == 0x0 01964 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 468, {896, 1692}, ) == 0x0 01965 2016 NtQueryInformationThread (468, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5c000,Pid=896,Tid=1692,}, 0x0, ) == 0x0 01966 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81967, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\200\3\0\0\234\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\200\3\0\0\234\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81968, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\200\3\0\0\234\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\200\3\0\0\234\6\0\0" ) ) == 0x0 01967 2016 NtResumeThread (468, ... 
1, ) == 0x0 01968 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 101777408, 1048576, ) == 0x0 01969 2016 NtAllocateVirtualMemory (-1, 102817792, 0, 8192, 4096, 4, ... 102817792, 8192, ) == 0x0 01970 1692 NtWaitForSingleObject (128, 0, 0x0, ... 01971 2016 NtProtectVirtualMemory (-1, (0x620e000), 4096, 260, ... (0x620e000), 4096, 4, ) == 0x0 01972 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 472, {896, 1392}, ) == 0x0 01973 2016 NtQueryInformationThread (472, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5b000,Pid=896,Tid=1392,}, 0x0, ) == 0x0 01974 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81968, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\200\3\0\0p\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\200\3\0\0p\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81969, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\200\3\0\0p\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\200\3\0\0p\5\0\0" ) ) == 0x0 01975 2016 NtResumeThread (472, ... 1, ) == 0x0 01976 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01977 1392 NtWaitForSingleObject (128, 0, 0x0, ... 01976 2016 NtAllocateVirtualMemory ... 102825984, 1048576, ) == 0x0 01978 2016 NtAllocateVirtualMemory (-1, 103866368, 0, 8192, 4096, 4, ... 103866368, 8192, ) == 0x0 01979 2016 NtProtectVirtualMemory (-1, (0x630e000), 4096, 260, ... (0x630e000), 4096, 4, ) == 0x0 01980 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 476, {896, 1852}, ) == 0x0 01981 2016 NtQueryInformationThread (476, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5a000,Pid=896,Tid=1852,}, 0x0, ) == 0x0 01982 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81969, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\200\3\0\0<\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\200\3\0\0<\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81970, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\200\3\0\0<\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\200\3\0\0<\7\0\0" ) ) == 0x0 01983 2016 NtResumeThread (476, ... 1, ) == 0x0 01984 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01985 1852 NtWaitForSingleObject (128, 0, 0x0, ... 01984 2016 NtAllocateVirtualMemory ... 103874560, 1048576, ) == 0x0 01986 2016 NtAllocateVirtualMemory (-1, 104914944, 0, 8192, 4096, 4, ... 104914944, 8192, ) == 0x0 01987 2016 NtProtectVirtualMemory (-1, (0x640e000), 4096, 260, ... (0x640e000), 4096, 4, ) == 0x0 01988 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 480, {896, 504}, ) == 0x0 01989 2016 NtQueryInformationThread (480, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff59000,Pid=896,Tid=504,}, 0x0, ) == 0x0 01990 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81970, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\200\3\0\0\370\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\200\3\0\0\370\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81971, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\200\3\0\0\370\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\200\3\0\0\370\1\0\0" ) ) == 0x0 01991 2016 NtResumeThread (480, ... 1, ) == 0x0 01992 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 104923136, 1048576, ) == 0x0 01993 2016 NtAllocateVirtualMemory (-1, 105963520, 0, 8192, 4096, 4, ... 105963520, 8192, ) == 0x0 01994 504 NtWaitForSingleObject (128, 0, 0x0, ... 01995 2016 NtProtectVirtualMemory (-1, (0x650e000), 4096, 260, ... 
(0x650e000), 4096, 4, ) == 0x0 01996 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 484, {896, 800}, ) == 0x0 01997 2016 NtQueryInformationThread (484, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff58000,Pid=896,Tid=800,}, 0x0, ) == 0x0 01998 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81971, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\200\3\0\0 \3\0\0" ... {28, 56, reply, 0, 896, 2016, 81972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\200\3\0\0 \3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81972, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\200\3\0\0 \3\0\0" ... {28, 56, reply, 0, 896, 2016, 81972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\200\3\0\0 \3\0\0" ) ) == 0x0 01999 2016 NtResumeThread (484, ... 1, ) == 0x0 02000 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02001 800 NtWaitForSingleObject (128, 0, 0x0, ... 02000 2016 NtAllocateVirtualMemory ... 105971712, 1048576, ) == 0x0 02002 2016 NtAllocateVirtualMemory (-1, 107012096, 0, 8192, 4096, 4, ... 107012096, 8192, ) == 0x0 02003 2016 NtProtectVirtualMemory (-1, (0x660e000), 4096, 260, ... (0x660e000), 4096, 4, ) == 0x0 02004 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 488, {896, 1740}, ) == 0x0 02005 2016 NtQueryInformationThread (488, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff57000,Pid=896,Tid=1740,}, 0x0, ) == 0x0 02006 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81972, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\200\3\0\0\314\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81973, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\200\3\0\0\314\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81973, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\200\3\0\0\314\6\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81973, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\200\3\0\0\314\6\0\0" ) ) == 0x0 02007 2016 NtResumeThread (488, ... 1, ) == 0x0 02008 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 107020288, 1048576, ) == 0x0 02009 2016 NtAllocateVirtualMemory (-1, 108060672, 0, 8192, 4096, 4, ... 108060672, 8192, ) == 0x0 02010 1740 NtWaitForSingleObject (128, 0, 0x0, ... 02011 2016 NtProtectVirtualMemory (-1, (0x670e000), 4096, 260, ... (0x670e000), 4096, 4, ) == 0x0 02012 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 492, {896, 1176}, ) == 0x0 02013 2016 NtQueryInformationThread (492, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff56000,Pid=896,Tid=1176,}, 0x0, ) == 0x0 02014 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81973, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81973, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\200\3\0\0\230\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81974, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\200\3\0\0\230\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81974, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81973, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\200\3\0\0\230\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81974, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\200\3\0\0\230\4\0\0" ) ) == 0x0 02015 2016 NtResumeThread (492, ... 1, ) == 0x0 02016 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02017 1176 NtWaitForSingleObject (128, 0, 0x0, ... 02016 2016 NtAllocateVirtualMemory ... 108068864, 1048576, ) == 0x0 02018 2016 NtAllocateVirtualMemory (-1, 109109248, 0, 8192, 4096, 4, ... 109109248, 8192, ) == 0x0 02019 2016 NtProtectVirtualMemory (-1, (0x680e000), 4096, 260, ... (0x680e000), 4096, 4, ) == 0x0 02020 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 496, {896, 1828}, ) == 0x0 02021 2016 NtQueryInformationThread (496, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff55000,Pid=896,Tid=1828,}, 0x0, ) == 0x0 02022 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81974, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81974, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\200\3\0\0$\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\200\3\0\0$\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81975, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81974, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\200\3\0\0$\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\200\3\0\0$\7\0\0" ) ) == 0x0 02023 2016 NtResumeThread (496, ... 1, ) == 0x0 02024 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 109117440, 1048576, ) == 0x0 02025 2016 NtAllocateVirtualMemory (-1, 110157824, 0, 8192, 4096, 4, ... 110157824, 8192, ) == 0x0 02026 1828 NtWaitForSingleObject (128, 0, 0x0, ... 02027 2016 NtProtectVirtualMemory (-1, (0x690e000), 4096, 260, ... (0x690e000), 4096, 4, ) == 0x0 02028 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 500, {896, 1700}, ) == 0x0 02029 2016 NtQueryInformationThread (500, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff54000,Pid=896,Tid=1700,}, 0x0, ) == 0x0 02030 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81975, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\200\3\0\0\244\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81976, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\200\3\0\0\244\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81976, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\200\3\0\0\244\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81976, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\200\3\0\0\244\6\0\0" ) ) == 0x0 02031 2016 NtResumeThread (500, ... 1, ) == 0x0 02032 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02033 1700 NtWaitForSingleObject (128, 0, 0x0, ... 
02032 2016 NtAllocateVirtualMemory ... 110166016, 1048576, ) == 0x0 02034 2016 NtAllocateVirtualMemory (-1, 111206400, 0, 8192, 4096, 4, ... 111206400, 8192, ) == 0x0 02035 2016 NtProtectVirtualMemory (-1, (0x6a0e000), 4096, 260, ... (0x6a0e000), 4096, 4, ) == 0x0 02036 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 504, {896, 1528}, ) == 0x0 02037 2016 NtQueryInformationThread (504, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff53000,Pid=896,Tid=1528,}, 0x0, ) == 0x0 02038 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81976, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81976, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\200\3\0\0\370\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81977, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\200\3\0\0\370\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81977, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81976, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\200\3\0\0\370\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81977, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\200\3\0\0\370\5\0\0" ) ) == 0x0 02039 2016 NtResumeThread (504, ... 1, ) == 0x0 02040 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 111214592, 1048576, ) == 0x0 02041 2016 NtAllocateVirtualMemory (-1, 112254976, 0, 8192, 4096, 4, ... 112254976, 8192, ) == 0x0 02042 1528 NtWaitForSingleObject (128, 0, 0x0, ... 02043 2016 NtProtectVirtualMemory (-1, (0x6b0e000), 4096, 260, ... (0x6b0e000), 4096, 4, ) == 0x0 02044 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 508, {896, 1252}, ) == 0x0 02045 2016 NtQueryInformationThread (508, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff52000,Pid=896,Tid=1252,}, 0x0, ) == 0x0 02046 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81977, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81977, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\200\3\0\0\344\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81978, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\200\3\0\0\344\4\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 81978, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81977, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\200\3\0\0\344\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81978, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\200\3\0\0\344\4\0\0" ) ) == 0x0 02047 2016 NtResumeThread (508, ... 1, ) == 0x0 02048 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02049 1252 NtWaitForSingleObject (128, 0, 0x0, ... 02048 2016 NtAllocateVirtualMemory ... 112263168, 1048576, ) == 0x0 02050 2016 NtAllocateVirtualMemory (-1, 113303552, 0, 8192, 4096, 4, ... 113303552, 8192, ) == 0x0 02051 2016 NtProtectVirtualMemory (-1, (0x6c0e000), 4096, 260, ... (0x6c0e000), 4096, 4, ) == 0x0 02052 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 512, {896, 596}, ) == 0x0 02053 2016 NtQueryInformationThread (512, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff51000,Pid=896,Tid=596,}, 0x0, ) == 0x0 02054 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81978, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81978, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\200\3\0\0T\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\200\3\0\0T\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81979, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81978, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\200\3\0\0T\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\200\3\0\0T\2\0\0" ) ) == 0x0 02055 2016 NtResumeThread (512, ... 1, ) == 0x0 02056 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 113311744, 1048576, ) == 0x0 02057 2016 NtAllocateVirtualMemory (-1, 114352128, 0, 8192, 4096, 4, ... 114352128, 8192, ) == 0x0 02058 596 NtWaitForSingleObject (128, 0, 0x0, ... 02059 2016 NtProtectVirtualMemory (-1, (0x6d0e000), 4096, 260, ... (0x6d0e000), 4096, 4, ) == 0x0 02060 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
516, {896, 376}, ) == 0x0 02061 2016 NtQueryInformationThread (516, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff50000,Pid=896,Tid=376,}, 0x0, ) == 0x0 02062 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81979, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\200\3\0\0x\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81980, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\200\3\0\0x\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81980, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\200\3\0\0x\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81980, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\200\3\0\0x\1\0\0" ) ) == 0x0 02063 2016 NtResumeThread (516, ... 1, ) == 0x0 02064 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 114360320, 1048576, ) == 0x0 02065 2016 NtAllocateVirtualMemory (-1, 115400704, 0, 8192, 4096, 4, ... 115400704, 8192, ) == 0x0 02066 376 NtWaitForSingleObject (128, 0, 0x0, ... 02067 2016 NtProtectVirtualMemory (-1, (0x6e0e000), 4096, 260, ... (0x6e0e000), 4096, 4, ) == 0x0 02068 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 520, {896, 420}, ) == 0x0 02069 2016 NtQueryInformationThread (520, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4f000,Pid=896,Tid=420,}, 0x0, ) == 0x0 02070 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81980, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81980, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\200\3\0\0\244\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\200\3\0\0\244\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81981, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81980, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\200\3\0\0\244\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\200\3\0\0\244\1\0\0" ) ) == 0x0 02071 2016 NtResumeThread (520, ... 
1, ) == 0x0 02072 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02073 420 NtWaitForSingleObject (128, 0, 0x0, ... 02072 2016 NtAllocateVirtualMemory ... 115408896, 1048576, ) == 0x0 02074 2016 NtAllocateVirtualMemory (-1, 116449280, 0, 8192, 4096, 4, ... 116449280, 8192, ) == 0x0 02075 2016 NtProtectVirtualMemory (-1, (0x6f0e000), 4096, 260, ... (0x6f0e000), 4096, 4, ) == 0x0 02076 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 524, {896, 384}, ) == 0x0 02077 2016 NtQueryInformationThread (524, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4e000,Pid=896,Tid=384,}, 0x0, ) == 0x0 02078 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81981, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\200\3\0\0\200\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\200\3\0\0\200\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81982, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\200\3\0\0\200\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\200\3\0\0\200\1\0\0" ) ) == 0x0 02079 2016 NtResumeThread (524, ... 1, ) == 0x0 02080 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 116457472, 1048576, ) == 0x0 02081 2016 NtAllocateVirtualMemory (-1, 117497856, 0, 8192, 4096, 4, ... 117497856, 8192, ) == 0x0 02082 384 NtWaitForSingleObject (128, 0, 0x0, ... 02083 2016 NtProtectVirtualMemory (-1, (0x700e000), 4096, 260, ... (0x700e000), 4096, 4, ) == 0x0 02084 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 528, {896, 1028}, ) == 0x0 02085 2016 NtQueryInformationThread (528, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff4d000,Pid=896,Tid=1028,}, 0x0, ) == 0x0 02086 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81982, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\200\3\0\0\4\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\200\3\0\0\4\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81983, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\200\3\0\0\4\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\200\3\0\0\4\4\0\0" ) ) == 0x0 02087 2016 NtResumeThread (528, ... 1, ) == 0x0 02088 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02089 1028 NtWaitForSingleObject (128, 0, 0x0, ... 02088 2016 NtAllocateVirtualMemory ... 117506048, 1048576, ) == 0x0 02090 2016 NtAllocateVirtualMemory (-1, 118546432, 0, 8192, 4096, 4, ... 118546432, 8192, ) == 0x0 02091 2016 NtProtectVirtualMemory (-1, (0x710e000), 4096, 260, ... (0x710e000), 4096, 4, ) == 0x0 02092 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 532, {896, 2012}, ) == 0x0 02093 2016 NtQueryInformationThread (532, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4c000,Pid=896,Tid=2012,}, 0x0, ) == 0x0 02094 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81983, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\200\3\0\0\334\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\200\3\0\0\334\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81984, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\200\3\0\0\334\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\200\3\0\0\334\7\0\0" ) ) == 0x0 02095 2016 NtResumeThread (532, ... 1, ) == 0x0 02096 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
118554624, 1048576, ) == 0x0 02097 2016 NtAllocateVirtualMemory (-1, 119595008, 0, 8192, 4096, 4, ... 119595008, 8192, ) == 0x0 02098 2012 NtWaitForSingleObject (128, 0, 0x0, ... 02099 2016 NtProtectVirtualMemory (-1, (0x720e000), 4096, 260, ... (0x720e000), 4096, 4, ) == 0x0 02100 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 536, {896, 1168}, ) == 0x0 02101 2016 NtQueryInformationThread (536, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4b000,Pid=896,Tid=1168,}, 0x0, ) == 0x0 02102 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81984, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\200\3\0\0\220\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\200\3\0\0\220\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81985, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\200\3\0\0\220\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\200\3\0\0\220\4\0\0" ) ) == 0x0 02103 2016 NtResumeThread (536, ... 1, ) == 0x0 02104 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02105 1168 NtWaitForSingleObject (128, 0, 0x0, ... 02104 2016 NtAllocateVirtualMemory ... 119603200, 1048576, ) == 0x0 02106 2016 NtAllocateVirtualMemory (-1, 120643584, 0, 8192, 4096, 4, ... 120643584, 8192, ) == 0x0 02107 2016 NtProtectVirtualMemory (-1, (0x730e000), 4096, 260, ... (0x730e000), 4096, 4, ) == 0x0 02108 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 540, {896, 1180}, ) == 0x0 02109 2016 NtQueryInformationThread (540, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4a000,Pid=896,Tid=1180,}, 0x0, ) == 0x0 02110 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81985, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\200\3\0\0\234\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\200\3\0\0\234\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81986, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\200\3\0\0\234\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\200\3\0\0\234\4\0\0" ) ) == 0x0 02111 2016 NtResumeThread (540, ... 1, ) == 0x0 02112 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 120651776, 1048576, ) == 0x0 02113 2016 NtAllocateVirtualMemory (-1, 121692160, 0, 8192, 4096, 4, ... 121692160, 8192, ) == 0x0 02114 1180 NtWaitForSingleObject (128, 0, 0x0, ... 02115 2016 NtProtectVirtualMemory (-1, (0x740e000), 4096, 260, ... (0x740e000), 4096, 4, ) == 0x0 02116 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 544, {896, 928}, ) == 0x0 02117 2016 NtQueryInformationThread (544, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff49000,Pid=896,Tid=928,}, 0x0, ) == 0x0 02118 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81986, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\200\3\0\0\240\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\200\3\0\0\240\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81987, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\200\3\0\0\240\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\200\3\0\0\240\3\0\0" ) ) == 0x0 02119 2016 NtResumeThread (544, ... 1, ) == 0x0 02120 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02121 928 NtWaitForSingleObject (128, 0, 0x0, ... 02120 2016 NtAllocateVirtualMemory ... 121700352, 1048576, ) == 0x0 02122 2016 NtAllocateVirtualMemory (-1, 122740736, 0, 8192, 4096, 4, ... 122740736, 8192, ) == 0x0 02123 2016 NtProtectVirtualMemory (-1, (0x750e000), 4096, 260, ... 
(0x750e000), 4096, 4, ) == 0x0 02124 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 548, {896, 428}, ) == 0x0 02125 2016 NtQueryInformationThread (548, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff48000,Pid=896,Tid=428,}, 0x0, ) == 0x0 02126 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81987, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\200\3\0\0\254\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\200\3\0\0\254\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81988, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\200\3\0\0\254\1\0\0" ... {28, 56, reply, 0, 896, 2016, 81988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\200\3\0\0\254\1\0\0" ) ) == 0x0 02127 2016 NtResumeThread (548, ... 1, ) == 0x0 02128 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 122748928, 1048576, ) == 0x0 02129 2016 NtAllocateVirtualMemory (-1, 123789312, 0, 8192, 4096, 4, ... 123789312, 8192, ) == 0x0 02130 428 NtWaitForSingleObject (128, 0, 0x0, ... 02131 2016 NtProtectVirtualMemory (-1, (0x760e000), 4096, 260, ... (0x760e000), 4096, 4, ) == 0x0 02132 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 552, {896, 1732}, ) == 0x0 02133 2016 NtQueryInformationThread (552, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff47000,Pid=896,Tid=1732,}, 0x0, ) == 0x0 02134 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81988, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\200\3\0\0\304\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\200\3\0\0\304\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81989, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\200\3\0\0\304\6\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\200\3\0\0\304\6\0\0" ) ) == 0x0 02135 2016 NtResumeThread (552, ... 1, ) == 0x0 02136 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02137 1732 NtWaitForSingleObject (128, 0, 0x0, ... 02136 2016 NtAllocateVirtualMemory ... 123797504, 1048576, ) == 0x0 02138 2016 NtAllocateVirtualMemory (-1, 124837888, 0, 8192, 4096, 4, ... 124837888, 8192, ) == 0x0 02139 2016 NtProtectVirtualMemory (-1, (0x770e000), 4096, 260, ... (0x770e000), 4096, 4, ) == 0x0 02140 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 556, {896, 748}, ) == 0x0 02141 2016 NtQueryInformationThread (556, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff46000,Pid=896,Tid=748,}, 0x0, ) == 0x0 02142 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81989, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\200\3\0\0\354\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\200\3\0\0\354\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81990, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\200\3\0\0\354\2\0\0" ... {28, 56, reply, 0, 896, 2016, 81990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\200\3\0\0\354\2\0\0" ) ) == 0x0 02143 2016 NtResumeThread (556, ... 1, ) == 0x0 02144 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 124846080, 1048576, ) == 0x0 02145 2016 NtAllocateVirtualMemory (-1, 125886464, 0, 8192, 4096, 4, ... 125886464, 8192, ) == 0x0 02146 748 NtWaitForSingleObject (128, 0, 0x0, ... 02147 2016 NtProtectVirtualMemory (-1, (0x780e000), 4096, 260, ... (0x780e000), 4096, 4, ) == 0x0 02148 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 560, {896, 900}, ) == 0x0 02149 2016 NtQueryInformationThread (560, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff45000,Pid=896,Tid=900,}, 0x0, ) == 0x0 02150 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81990, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\200\3\0\0\204\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\200\3\0\0\204\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81991, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\200\3\0\0\204\3\0\0" ... {28, 56, reply, 0, 896, 2016, 81991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\200\3\0\0\204\3\0\0" ) ) == 0x0 02151 2016 NtResumeThread (560, ... 1, ) == 0x0 02152 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 125894656, 1048576, ) == 0x0 02153 2016 NtAllocateVirtualMemory (-1, 126935040, 0, 8192, 4096, 4, ... 126935040, 8192, ) == 0x0 02154 900 NtWaitForSingleObject (128, 0, 0x0, ... 02155 2016 NtProtectVirtualMemory (-1, (0x790e000), 4096, 260, ... (0x790e000), 4096, 4, ) == 0x0 02156 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 564, {896, 1388}, ) == 0x0 02157 2016 NtQueryInformationThread (564, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff44000,Pid=896,Tid=1388,}, 0x0, ) == 0x0 02158 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81991, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\200\3\0\0l\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\200\3\0\0l\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81992, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\200\3\0\0l\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\200\3\0\0l\5\0\0" ) ) == 0x0 02159 2016 NtResumeThread (564, ... 1, ) == 0x0 02160 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02161 1388 NtWaitForSingleObject (128, 0, 0x0, ... 02160 2016 NtAllocateVirtualMemory ... 
126943232, 1048576, ) == 0x0 02162 2016 NtAllocateVirtualMemory (-1, 127983616, 0, 8192, 4096, 4, ... 127983616, 8192, ) == 0x0 02163 2016 NtProtectVirtualMemory (-1, (0x7a0e000), 4096, 260, ... (0x7a0e000), 4096, 4, ) == 0x0 02164 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 568, {896, 2036}, ) == 0x0 02165 2016 NtQueryInformationThread (568, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff43000,Pid=896,Tid=2036,}, 0x0, ) == 0x0 02166 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81992, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\200\3\0\0\364\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\200\3\0\0\364\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81993, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\200\3\0\0\364\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\200\3\0\0\364\7\0\0" ) ) == 0x0 02167 2016 NtResumeThread (568, ... 1, ) == 0x0 02168 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 127991808, 1048576, ) == 0x0 02169 2016 NtAllocateVirtualMemory (-1, 129032192, 0, 8192, 4096, 4, ... 129032192, 8192, ) == 0x0 02170 2036 NtWaitForSingleObject (128, 0, 0x0, ... 02171 2016 NtProtectVirtualMemory (-1, (0x7b0e000), 4096, 260, ... (0x7b0e000), 4096, 4, ) == 0x0 02172 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 572, {896, 1372}, ) == 0x0 02173 2016 NtQueryInformationThread (572, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff42000,Pid=896,Tid=1372,}, 0x0, ) == 0x0 02174 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81993, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\200\3\0\0\\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\200\3\0\0\\5\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 81994, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\200\3\0\0\\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\200\3\0\0\\5\0\0" ) ) == 0x0 02175 2016 NtResumeThread (572, ... 1, ) == 0x0 02176 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02177 1372 NtWaitForSingleObject (128, 0, 0x0, ... 02176 2016 NtAllocateVirtualMemory ... 129040384, 1048576, ) == 0x0 02178 2016 NtAllocateVirtualMemory (-1, 130080768, 0, 8192, 4096, 4, ... 130080768, 8192, ) == 0x0 02179 2016 NtProtectVirtualMemory (-1, (0x7c0e000), 4096, 260, ... (0x7c0e000), 4096, 4, ) == 0x0 02180 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 576, {896, 1600}, ) == 0x0 02181 2016 NtQueryInformationThread (576, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff41000,Pid=896,Tid=1600,}, 0x0, ) == 0x0 02182 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81994, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\200\3\0\0@\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\200\3\0\0@\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81995, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\200\3\0\0@\6\0\0" ... {28, 56, reply, 0, 896, 2016, 81995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\200\3\0\0@\6\0\0" ) ) == 0x0 02183 2016 NtResumeThread (576, ... 1, ) == 0x0 02184 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 130088960, 1048576, ) == 0x0 02185 2016 NtAllocateVirtualMemory (-1, 131129344, 0, 8192, 4096, 4, ... 131129344, 8192, ) == 0x0 02186 1600 NtWaitForSingleObject (128, 0, 0x0, ... 02187 2016 NtProtectVirtualMemory (-1, (0x7d0e000), 4096, 260, ... (0x7d0e000), 4096, 4, ) == 0x0 02188 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
580, {896, 1948}, ) == 0x0 02189 2016 NtQueryInformationThread (580, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff40000,Pid=896,Tid=1948,}, 0x0, ) == 0x0 02190 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81995, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\200\3\0\0\234\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\200\3\0\0\234\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81996, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\200\3\0\0\234\7\0\0" ... {28, 56, reply, 0, 896, 2016, 81996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\200\3\0\0\234\7\0\0" ) ) == 0x0 02191 2016 NtResumeThread (580, ... 1, ) == 0x0 02192 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02193 1948 NtWaitForSingleObject (128, 0, 0x0, ... 02192 2016 NtAllocateVirtualMemory ... 131137536, 1048576, ) == 0x0 02194 2016 NtAllocateVirtualMemory (-1, 132177920, 0, 8192, 4096, 4, ... 132177920, 8192, ) == 0x0 02195 2016 NtProtectVirtualMemory (-1, (0x7e0e000), 4096, 260, ... (0x7e0e000), 4096, 4, ) == 0x0 02196 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 584, {896, 252}, ) == 0x0 02197 2016 NtQueryInformationThread (584, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3f000,Pid=896,Tid=252,}, 0x0, ) == 0x0 02198 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81996, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\200\3\0\0\374\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\200\3\0\0\374\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81997, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\200\3\0\0\374\0\0\0" ... {28, 56, reply, 0, 896, 2016, 81997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\200\3\0\0\374\0\0\0" ) ) == 0x0 02199 2016 NtResumeThread (584, ... 
1, ) == 0x0 02200 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 132186112, 1048576, ) == 0x0 02201 2016 NtAllocateVirtualMemory (-1, 133226496, 0, 8192, 4096, 4, ... 133226496, 8192, ) == 0x0 02202 252 NtWaitForSingleObject (128, 0, 0x0, ... 02203 2016 NtProtectVirtualMemory (-1, (0x7f0e000), 4096, 260, ... (0x7f0e000), 4096, 4, ) == 0x0 02204 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 588, {896, 1300}, ) == 0x0 02205 2016 NtQueryInformationThread (588, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3e000,Pid=896,Tid=1300,}, 0x0, ) == 0x0 02206 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81997, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\200\3\0\0\24\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\200\3\0\0\24\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81998, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\200\3\0\0\24\5\0\0" ... {28, 56, reply, 0, 896, 2016, 81998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\200\3\0\0\24\5\0\0" ) ) == 0x0 02207 2016 NtResumeThread (588, ... 1, ) == 0x0 02208 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02209 1300 NtWaitForSingleObject (128, 0, 0x0, ... 02208 2016 NtAllocateVirtualMemory ... 133234688, 1048576, ) == 0x0 02210 2016 NtAllocateVirtualMemory (-1, 134275072, 0, 8192, 4096, 4, ... 134275072, 8192, ) == 0x0 02211 2016 NtProtectVirtualMemory (-1, (0x800e000), 4096, 260, ... (0x800e000), 4096, 4, ) == 0x0 02212 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 592, {896, 1096}, ) == 0x0 02213 2016 NtQueryInformationThread (592, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3d000,Pid=896,Tid=1096,}, 0x0, ) == 0x0 02214 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81998, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\200\3\0\0H\4\0\0" ... 
{28, 56, reply, 0, 896, 2016, 81999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\200\3\0\0H\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 81999, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\200\3\0\0H\4\0\0" ... {28, 56, reply, 0, 896, 2016, 81999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\200\3\0\0H\4\0\0" ) ) == 0x0 02215 2016 NtResumeThread (592, ... 1, ) == 0x0 02216 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 134283264, 1048576, ) == 0x0 02217 2016 NtAllocateVirtualMemory (-1, 135323648, 0, 8192, 4096, 4, ... 135323648, 8192, ) == 0x0 02218 1096 NtWaitForSingleObject (128, 0, 0x0, ... 02219 2016 NtProtectVirtualMemory (-1, (0x810e000), 4096, 260, ... (0x810e000), 4096, 4, ) == 0x0 02220 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 596, {896, 1024}, ) == 0x0 02221 2016 NtQueryInformationThread (596, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3c000,Pid=896,Tid=1024,}, 0x0, ) == 0x0 02222 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 81999, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\200\3\0\0\0\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\200\3\0\0\0\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82000, 0} (24, {28, 56, new_msg, 0, 896, 2016, 81999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\200\3\0\0\0\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\200\3\0\0\0\4\0\0" ) ) == 0x0 02223 2016 NtResumeThread (596, ... 1, ) == 0x0 02224 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02225 1024 NtWaitForSingleObject (128, 0, 0x0, ... 02224 2016 NtAllocateVirtualMemory ... 135331840, 1048576, ) == 0x0 02226 2016 NtAllocateVirtualMemory (-1, 136372224, 0, 8192, 4096, 4, ... 136372224, 8192, ) == 0x0 02227 2016 NtProtectVirtualMemory (-1, (0x820e000), 4096, 260, ... 
(0x820e000), 4096, 4, ) == 0x0 02228 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 600, {896, 1324}, ) == 0x0 02229 2016 NtQueryInformationThread (600, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3b000,Pid=896,Tid=1324,}, 0x0, ) == 0x0 02230 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82000, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\200\3\0\0,\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\200\3\0\0,\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82001, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\200\3\0\0,\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\200\3\0\0,\5\0\0" ) ) == 0x0 02231 2016 NtResumeThread (600, ... 1, ) == 0x0 02232 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 136380416, 1048576, ) == 0x0 02233 2016 NtAllocateVirtualMemory (-1, 137420800, 0, 8192, 4096, 4, ... 137420800, 8192, ) == 0x0 02234 1324 NtWaitForSingleObject (128, 0, 0x0, ... 02235 2016 NtProtectVirtualMemory (-1, (0x830e000), 4096, 260, ... (0x830e000), 4096, 4, ) == 0x0 02236 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 604, {896, 1776}, ) == 0x0 02237 2016 NtQueryInformationThread (604, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3a000,Pid=896,Tid=1776,}, 0x0, ) == 0x0 02238 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82001, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\200\3\0\0\360\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\200\3\0\0\360\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82002, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\200\3\0\0\360\6\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\200\3\0\0\360\6\0\0" ) ) == 0x0 02239 2016 NtResumeThread (604, ... 1, ) == 0x0 02240 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 137428992, 1048576, ) == 0x0 02241 2016 NtAllocateVirtualMemory (-1, 138469376, 0, 8192, 4096, 4, ... 138469376, 8192, ) == 0x0 02242 1776 NtWaitForSingleObject (128, 0, 0x0, ... 02243 2016 NtProtectVirtualMemory (-1, (0x840e000), 4096, 260, ... (0x840e000), 4096, 4, ) == 0x0 02244 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 608, {896, 500}, ) == 0x0 02245 2016 NtQueryInformationThread (608, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff39000,Pid=896,Tid=500,}, 0x0, ) == 0x0 02246 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82002, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\200\3\0\0\364\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\200\3\0\0\364\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82003, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\200\3\0\0\364\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\200\3\0\0\364\1\0\0" ) ) == 0x0 02247 2016 NtResumeThread (608, ... 1, ) == 0x0 02248 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02249 500 NtWaitForSingleObject (128, 0, 0x0, ... 02248 2016 NtAllocateVirtualMemory ... 138477568, 1048576, ) == 0x0 02250 2016 NtAllocateVirtualMemory (-1, 139517952, 0, 8192, 4096, 4, ... 139517952, 8192, ) == 0x0 02251 2016 NtProtectVirtualMemory (-1, (0x850e000), 4096, 260, ... (0x850e000), 4096, 4, ) == 0x0 02252 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 612, {896, 248}, ) == 0x0 02253 2016 NtQueryInformationThread (612, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff38000,Pid=896,Tid=248,}, 0x0, ) == 0x0 02254 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82003, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\200\3\0\0\370\0\0\0" ... {28, 56, reply, 0, 896, 2016, 82004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\200\3\0\0\370\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82004, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\200\3\0\0\370\0\0\0" ... {28, 56, reply, 0, 896, 2016, 82004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\200\3\0\0\370\0\0\0" ) ) == 0x0 02255 2016 NtResumeThread (612, ... 1, ) == 0x0 02256 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 139526144, 1048576, ) == 0x0 02257 2016 NtAllocateVirtualMemory (-1, 140566528, 0, 8192, 4096, 4, ... 140566528, 8192, ) == 0x0 02258 248 NtWaitForSingleObject (128, 0, 0x0, ... 02259 2016 NtProtectVirtualMemory (-1, (0x860e000), 4096, 260, ... (0x860e000), 4096, 4, ) == 0x0 02260 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 616, {896, 1884}, ) == 0x0 02261 2016 NtQueryInformationThread (616, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff37000,Pid=896,Tid=1884,}, 0x0, ) == 0x0 02262 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82004, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\200\3\0\0\\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\200\3\0\0\\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82005, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\200\3\0\0\\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\200\3\0\0\\7\0\0" ) ) == 0x0 02263 2016 NtResumeThread (616, ... 1, ) == 0x0 02264 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02265 1884 NtWaitForSingleObject (128, 0, 0x0, ... 02264 2016 NtAllocateVirtualMemory ... 
140574720, 1048576, ) == 0x0 02266 2016 NtAllocateVirtualMemory (-1, 141615104, 0, 8192, 4096, 4, ... 141615104, 8192, ) == 0x0 02267 2016 NtProtectVirtualMemory (-1, (0x870e000), 4096, 260, ... (0x870e000), 4096, 4, ) == 0x0 02268 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 620, {896, 1308}, ) == 0x0 02269 2016 NtQueryInformationThread (620, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff36000,Pid=896,Tid=1308,}, 0x0, ) == 0x0 02270 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82005, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\200\3\0\0\34\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\200\3\0\0\34\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82006, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\200\3\0\0\34\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\200\3\0\0\34\5\0\0" ) ) == 0x0 02271 2016 NtResumeThread (620, ... 1, ) == 0x0 02272 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02273 1308 NtWaitForSingleObject (128, 0, 0x0, ... 02272 2016 NtAllocateVirtualMemory ... 141623296, 1048576, ) == 0x0 02274 2016 NtAllocateVirtualMemory (-1, 142663680, 0, 8192, 4096, 4, ... 142663680, 8192, ) == 0x0 02275 2016 NtProtectVirtualMemory (-1, (0x880e000), 4096, 260, ... (0x880e000), 4096, 4, ) == 0x0 02276 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 624, {896, 1676}, ) == 0x0 02277 2016 NtQueryInformationThread (624, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff35000,Pid=896,Tid=1676,}, 0x0, ) == 0x0 02278 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82006, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\200\3\0\0\214\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\200\3\0\0\214\6\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82007, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\200\3\0\0\214\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\200\3\0\0\214\6\0\0" ) ) == 0x0 02279 2016 NtResumeThread (624, ... 1, ) == 0x0 02280 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 142671872, 1048576, ) == 0x0 02281 2016 NtAllocateVirtualMemory (-1, 143712256, 0, 8192, 4096, 4, ... 143712256, 8192, ) == 0x0 02282 1676 NtWaitForSingleObject (128, 0, 0x0, ... 02283 2016 NtProtectVirtualMemory (-1, (0x890e000), 4096, 260, ... (0x890e000), 4096, 4, ) == 0x0 02284 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 628, {896, 1620}, ) == 0x0 02285 2016 NtQueryInformationThread (628, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff34000,Pid=896,Tid=1620,}, 0x0, ) == 0x0 02286 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82007, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\200\3\0\0T\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\200\3\0\0T\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82008, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\200\3\0\0T\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\200\3\0\0T\6\0\0" ) ) == 0x0 02287 2016 NtResumeThread (628, ... 1, ) == 0x0 02288 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02289 1620 NtWaitForSingleObject (128, 0, 0x0, ... 02288 2016 NtAllocateVirtualMemory ... 143720448, 1048576, ) == 0x0 02290 2016 NtAllocateVirtualMemory (-1, 144760832, 0, 8192, 4096, 4, ... 144760832, 8192, ) == 0x0 02291 2016 NtProtectVirtualMemory (-1, (0x8a0e000), 4096, 260, ... (0x8a0e000), 4096, 4, ) == 0x0 02292 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
632, {896, 1296}, ) == 0x0 02293 2016 NtQueryInformationThread (632, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff33000,Pid=896,Tid=1296,}, 0x0, ) == 0x0 02294 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82008, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\200\3\0\0\20\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\200\3\0\0\20\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82009, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\200\3\0\0\20\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\200\3\0\0\20\5\0\0" ) ) == 0x0 02295 2016 NtResumeThread (632, ... 1, ) == 0x0 02296 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 144769024, 1048576, ) == 0x0 02297 2016 NtAllocateVirtualMemory (-1, 145809408, 0, 8192, 4096, 4, ... 145809408, 8192, ) == 0x0 02298 1296 NtWaitForSingleObject (128, 0, 0x0, ... 02299 2016 NtProtectVirtualMemory (-1, (0x8b0e000), 4096, 260, ... (0x8b0e000), 4096, 4, ) == 0x0 02300 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 636, {896, 440}, ) == 0x0 02301 2016 NtQueryInformationThread (636, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff32000,Pid=896,Tid=440,}, 0x0, ) == 0x0 02302 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82009, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\200\3\0\0\270\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\200\3\0\0\270\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82010, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\200\3\0\0\270\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\200\3\0\0\270\1\0\0" ) ) == 0x0 02303 2016 NtResumeThread (636, ... 
1, ) == 0x0 02304 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02305 440 NtWaitForSingleObject (128, 0, 0x0, ... 02304 2016 NtAllocateVirtualMemory ... 145817600, 1048576, ) == 0x0 02306 2016 NtAllocateVirtualMemory (-1, 146857984, 0, 8192, 4096, 4, ... 146857984, 8192, ) == 0x0 02307 2016 NtProtectVirtualMemory (-1, (0x8c0e000), 4096, 260, ... (0x8c0e000), 4096, 4, ) == 0x0 02308 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 640, {896, 1588}, ) == 0x0 02309 2016 NtQueryInformationThread (640, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff31000,Pid=896,Tid=1588,}, 0x0, ) == 0x0 02310 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82010, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\200\3\0\04\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\200\3\0\04\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82011, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\200\3\0\04\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\200\3\0\04\6\0\0" ) ) == 0x0 02311 2016 NtResumeThread (640, ... 1, ) == 0x0 02312 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 146866176, 1048576, ) == 0x0 02313 2016 NtAllocateVirtualMemory (-1, 147906560, 0, 8192, 4096, 4, ... 147906560, 8192, ) == 0x0 02314 1588 NtWaitForSingleObject (128, 0, 0x0, ... 02315 2016 NtProtectVirtualMemory (-1, (0x8d0e000), 4096, 260, ... (0x8d0e000), 4096, 4, ) == 0x0 02316 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 644, {896, 2044}, ) == 0x0 02317 2016 NtQueryInformationThread (644, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff30000,Pid=896,Tid=2044,}, 0x0, ) == 0x0 02318 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82011, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\200\3\0\0\374\7\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\200\3\0\0\374\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82012, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\200\3\0\0\374\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\200\3\0\0\374\7\0\0" ) ) == 0x0 02319 2016 NtResumeThread (644, ... 1, ) == 0x0 02320 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 147914752, 1048576, ) == 0x0 02321 2016 NtAllocateVirtualMemory (-1, 148955136, 0, 8192, 4096, 4, ... 148955136, 8192, ) == 0x0 02322 2044 NtWaitForSingleObject (128, 0, 0x0, ... 02323 2016 NtProtectVirtualMemory (-1, (0x8e0e000), 4096, 260, ... (0x8e0e000), 4096, 4, ) == 0x0 02324 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 648, {896, 588}, ) == 0x0 02325 2016 NtQueryInformationThread (648, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2f000,Pid=896,Tid=588,}, 0x0, ) == 0x0 02326 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82012, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\200\3\0\0L\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\200\3\0\0L\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82013, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\200\3\0\0L\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\200\3\0\0L\2\0\0" ) ) == 0x0 02327 2016 NtResumeThread (648, ... 1, ) == 0x0 02328 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02329 588 NtWaitForSingleObject (128, 0, 0x0, ... 02328 2016 NtAllocateVirtualMemory ... 148963328, 1048576, ) == 0x0 02330 2016 NtAllocateVirtualMemory (-1, 150003712, 0, 8192, 4096, 4, ... 150003712, 8192, ) == 0x0 02331 2016 NtProtectVirtualMemory (-1, (0x8f0e000), 4096, 260, ... 
(0x8f0e000), 4096, 4, ) == 0x0 02332 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 652, {896, 1928}, ) == 0x0 02333 2016 NtQueryInformationThread (652, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2e000,Pid=896,Tid=1928,}, 0x0, ) == 0x0 02334 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82013, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\200\3\0\0\210\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\200\3\0\0\210\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82014, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\200\3\0\0\210\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\200\3\0\0\210\7\0\0" ) ) == 0x0 02335 2016 NtResumeThread (652, ... 1, ) == 0x0 02336 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 150011904, 1048576, ) == 0x0 02337 2016 NtAllocateVirtualMemory (-1, 151052288, 0, 8192, 4096, 4, ... 151052288, 8192, ) == 0x0 02338 1928 NtWaitForSingleObject (128, 0, 0x0, ... 02339 2016 NtProtectVirtualMemory (-1, (0x900e000), 4096, 260, ... (0x900e000), 4096, 4, ) == 0x0 02340 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 656, {896, 1376}, ) == 0x0 02341 2016 NtQueryInformationThread (656, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2d000,Pid=896,Tid=1376,}, 0x0, ) == 0x0 02342 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82014, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\200\3\0\0`\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\200\3\0\0`\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82015, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\200\3\0\0`\5\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\200\3\0\0`\5\0\0" ) ) == 0x0 02343 2016 NtResumeThread (656, ... 1, ) == 0x0 02344 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02345 1376 NtWaitForSingleObject (128, 0, 0x0, ... 02344 2016 NtAllocateVirtualMemory ... 151060480, 1048576, ) == 0x0 02346 2016 NtAllocateVirtualMemory (-1, 152100864, 0, 8192, 4096, 4, ... 152100864, 8192, ) == 0x0 02347 2016 NtProtectVirtualMemory (-1, (0x910e000), 4096, 260, ... (0x910e000), 4096, 4, ) == 0x0 02348 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 660, {896, 1436}, ) == 0x0 02349 2016 NtQueryInformationThread (660, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2c000,Pid=896,Tid=1436,}, 0x0, ) == 0x0 02350 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82015, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\200\3\0\0\234\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\200\3\0\0\234\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82016, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\200\3\0\0\234\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\200\3\0\0\234\5\0\0" ) ) == 0x0 02351 2016 NtResumeThread (660, ... 1, ) == 0x0 02352 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 152109056, 1048576, ) == 0x0 02353 2016 NtAllocateVirtualMemory (-1, 153149440, 0, 8192, 4096, 4, ... 153149440, 8192, ) == 0x0 02354 1436 NtWaitForSingleObject (128, 0, 0x0, ... 02355 2016 NtProtectVirtualMemory (-1, (0x920e000), 4096, 260, ... (0x920e000), 4096, 4, ) == 0x0 02356 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 664, {896, 1368}, ) == 0x0 02357 2016 NtQueryInformationThread (664, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff2b000,Pid=896,Tid=1368,}, 0x0, ) == 0x0 02358 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82016, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\200\3\0\0X\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\200\3\0\0X\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82017, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\200\3\0\0X\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\200\3\0\0X\5\0\0" ) ) == 0x0 02359 2016 NtResumeThread (664, ... 1, ) == 0x0 02360 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02361 1368 NtWaitForSingleObject (128, 0, 0x0, ... 02360 2016 NtAllocateVirtualMemory ... 153157632, 1048576, ) == 0x0 02362 2016 NtAllocateVirtualMemory (-1, 154198016, 0, 8192, 4096, 4, ... 154198016, 8192, ) == 0x0 02363 2016 NtProtectVirtualMemory (-1, (0x930e000), 4096, 260, ... (0x930e000), 4096, 4, ) == 0x0 02364 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 668, {896, 724}, ) == 0x0 02365 2016 NtQueryInformationThread (668, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2a000,Pid=896,Tid=724,}, 0x0, ) == 0x0 02366 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82017, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\200\3\0\0\324\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\200\3\0\0\324\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82018, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\200\3\0\0\324\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\200\3\0\0\324\2\0\0" ) ) == 0x0 02367 2016 NtResumeThread (668, ... 1, ) == 0x0 02368 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
154206208, 1048576, ) == 0x0 02369 2016 NtAllocateVirtualMemory (-1, 155246592, 0, 8192, 4096, 4, ... 155246592, 8192, ) == 0x0 02370 724 NtWaitForSingleObject (128, 0, 0x0, ... 02371 2016 NtProtectVirtualMemory (-1, (0x940e000), 4096, 260, ... (0x940e000), 4096, 4, ) == 0x0 02372 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 672, {896, 1276}, ) == 0x0 02373 2016 NtQueryInformationThread (672, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff29000,Pid=896,Tid=1276,}, 0x0, ) == 0x0 02374 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82018, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\200\3\0\0\374\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\200\3\0\0\374\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82019, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\200\3\0\0\374\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\200\3\0\0\374\4\0\0" ) ) == 0x0 02375 2016 NtResumeThread (672, ... 1, ) == 0x0 02376 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02377 1276 NtWaitForSingleObject (128, 0, 0x0, ... 02376 2016 NtAllocateVirtualMemory ... 155254784, 1048576, ) == 0x0 02378 2016 NtAllocateVirtualMemory (-1, 156295168, 0, 8192, 4096, 4, ... 156295168, 8192, ) == 0x0 02379 2016 NtProtectVirtualMemory (-1, (0x950e000), 4096, 260, ... (0x950e000), 4096, 4, ) == 0x0 02380 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 676, {896, 220}, ) == 0x0 02381 2016 NtQueryInformationThread (676, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff28000,Pid=896,Tid=220,}, 0x0, ) == 0x0 02382 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82019, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\200\3\0\0\334\0\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\200\3\0\0\334\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82020, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\200\3\0\0\334\0\0\0" ... {28, 56, reply, 0, 896, 2016, 82020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\200\3\0\0\334\0\0\0" ) ) == 0x0 02383 2016 NtResumeThread (676, ... 1, ) == 0x0 02384 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 156303360, 1048576, ) == 0x0 02385 2016 NtAllocateVirtualMemory (-1, 157343744, 0, 8192, 4096, 4, ... 157343744, 8192, ) == 0x0 02386 220 NtWaitForSingleObject (128, 0, 0x0, ... 02387 2016 NtProtectVirtualMemory (-1, (0x960e000), 4096, 260, ... (0x960e000), 4096, 4, ) == 0x0 02388 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 680, {896, 1328}, ) == 0x0 02389 2016 NtQueryInformationThread (680, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff27000,Pid=896,Tid=1328,}, 0x0, ) == 0x0 02390 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82020, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\200\3\0\00\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\200\3\0\00\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82021, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\200\3\0\00\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\200\3\0\00\5\0\0" ) ) == 0x0 02391 2016 NtResumeThread (680, ... 1, ) == 0x0 02392 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02393 1328 NtWaitForSingleObject (128, 0, 0x0, ... 02392 2016 NtAllocateVirtualMemory ... 157351936, 1048576, ) == 0x0 02394 2016 NtAllocateVirtualMemory (-1, 158392320, 0, 8192, 4096, 4, ... 158392320, 8192, ) == 0x0 02395 2016 NtProtectVirtualMemory (-1, (0x970e000), 4096, 260, ... 
(0x970e000), 4096, 4, ) == 0x0 02396 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 684, {896, 1636}, ) == 0x0 02397 2016 NtQueryInformationThread (684, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff26000,Pid=896,Tid=1636,}, 0x0, ) == 0x0 02398 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82021, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\200\3\0\0d\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\200\3\0\0d\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82022, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\200\3\0\0d\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\200\3\0\0d\6\0\0" ) ) == 0x0 02399 2016 NtResumeThread (684, ... 1, ) == 0x0 02400 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 158400512, 1048576, ) == 0x0 02401 2016 NtAllocateVirtualMemory (-1, 159440896, 0, 8192, 4096, 4, ... 159440896, 8192, ) == 0x0 02402 1636 NtWaitForSingleObject (128, 0, 0x0, ... 02403 2016 NtProtectVirtualMemory (-1, (0x980e000), 4096, 260, ... (0x980e000), 4096, 4, ) == 0x0 02404 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 688, {896, 704}, ) == 0x0 02405 2016 NtQueryInformationThread (688, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff25000,Pid=896,Tid=704,}, 0x0, ) == 0x0 02406 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82022, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\200\3\0\0\300\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\200\3\0\0\300\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82023, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\200\3\0\0\300\2\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\200\3\0\0\300\2\0\0" ) ) == 0x0 02407 2016 NtResumeThread (688, ... 1, ) == 0x0 02408 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02409 704 NtWaitForSingleObject (128, 0, 0x0, ... 02408 2016 NtAllocateVirtualMemory ... 159449088, 1048576, ) == 0x0 02410 2016 NtAllocateVirtualMemory (-1, 160489472, 0, 8192, 4096, 4, ... 160489472, 8192, ) == 0x0 02411 2016 NtProtectVirtualMemory (-1, (0x990e000), 4096, 260, ... (0x990e000), 4096, 4, ) == 0x0 02412 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 692, {896, 1152}, ) == 0x0 02413 2016 NtQueryInformationThread (692, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff24000,Pid=896,Tid=1152,}, 0x0, ) == 0x0 02414 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82023, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\200\3\0\0\200\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\200\3\0\0\200\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82024, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\200\3\0\0\200\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\200\3\0\0\200\4\0\0" ) ) == 0x0 02415 2016 NtResumeThread (692, ... 1, ) == 0x0 02416 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02417 1152 NtWaitForSingleObject (128, 0, 0x0, ... 02416 2016 NtAllocateVirtualMemory ... 160497664, 1048576, ) == 0x0 02418 2016 NtAllocateVirtualMemory (-1, 161538048, 0, 8192, 4096, 4, ... 161538048, 8192, ) == 0x0 02419 2016 NtProtectVirtualMemory (-1, (0x9a0e000), 4096, 260, ... (0x9a0e000), 4096, 4, ) == 0x0 02420 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 696, {896, 1228}, ) == 0x0 02421 2016 NtQueryInformationThread (696, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff23000,Pid=896,Tid=1228,}, 0x0, ) == 0x0 02422 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82024, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\200\3\0\0\314\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\200\3\0\0\314\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82025, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\200\3\0\0\314\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\200\3\0\0\314\4\0\0" ) ) == 0x0 02423 2016 NtResumeThread (696, ... 1, ) == 0x0 02424 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 161546240, 1048576, ) == 0x0 02425 2016 NtAllocateVirtualMemory (-1, 162586624, 0, 8192, 4096, 4, ... 162586624, 8192, ) == 0x0 02426 1228 NtWaitForSingleObject (128, 0, 0x0, ... 02427 2016 NtProtectVirtualMemory (-1, (0x9b0e000), 4096, 260, ... (0x9b0e000), 4096, 4, ) == 0x0 02428 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 700, {896, 792}, ) == 0x0 02429 2016 NtQueryInformationThread (700, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff22000,Pid=896,Tid=792,}, 0x0, ) == 0x0 02430 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82025, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\200\3\0\0\30\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\200\3\0\0\30\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82026, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\200\3\0\0\30\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\200\3\0\0\30\3\0\0" ) ) == 0x0 02431 2016 NtResumeThread (700, ... 1, ) == 0x0 02432 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02433 792 NtWaitForSingleObject (128, 0, 0x0, ... 
02432 2016 NtAllocateVirtualMemory ... 162594816, 1048576, ) == 0x0 02434 2016 NtAllocateVirtualMemory (-1, 163635200, 0, 8192, 4096, 4, ... 163635200, 8192, ) == 0x0 02435 2016 NtProtectVirtualMemory (-1, (0x9c0e000), 4096, 260, ... (0x9c0e000), 4096, 4, ) == 0x0 02436 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 704, {896, 1484}, ) == 0x0 02437 2016 NtQueryInformationThread (704, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff21000,Pid=896,Tid=1484,}, 0x0, ) == 0x0 02438 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82026, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\200\3\0\0\314\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\200\3\0\0\314\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82027, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\200\3\0\0\314\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\200\3\0\0\314\5\0\0" ) ) == 0x0 02439 2016 NtResumeThread (704, ... 1, ) == 0x0 02440 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 163643392, 1048576, ) == 0x0 02441 2016 NtAllocateVirtualMemory (-1, 164683776, 0, 8192, 4096, 4, ... 164683776, 8192, ) == 0x0 02442 1484 NtWaitForSingleObject (128, 0, 0x0, ... 02443 2016 NtProtectVirtualMemory (-1, (0x9d0e000), 4096, 260, ... (0x9d0e000), 4096, 4, ) == 0x0 02444 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 708, {896, 888}, ) == 0x0 02445 2016 NtQueryInformationThread (708, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff20000,Pid=896,Tid=888,}, 0x0, ) == 0x0 02446 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82027, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\200\3\0\0x\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\200\3\0\0x\3\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82028, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\200\3\0\0x\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\200\3\0\0x\3\0\0" ) ) == 0x0 02447 2016 NtResumeThread (708, ... 1, ) == 0x0 02448 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02449 888 NtWaitForSingleObject (128, 0, 0x0, ... 02448 2016 NtAllocateVirtualMemory ... 164691968, 1048576, ) == 0x0 02450 2016 NtAllocateVirtualMemory (-1, 165732352, 0, 8192, 4096, 4, ... 165732352, 8192, ) == 0x0 02451 2016 NtProtectVirtualMemory (-1, (0x9e0e000), 4096, 260, ... (0x9e0e000), 4096, 4, ) == 0x0 02452 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 712, {896, 1120}, ) == 0x0 02453 2016 NtQueryInformationThread (712, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1f000,Pid=896,Tid=1120,}, 0x0, ) == 0x0 02454 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82028, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\200\3\0\0`\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\200\3\0\0`\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82029, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\200\3\0\0`\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\200\3\0\0`\4\0\0" ) ) == 0x0 02455 2016 NtResumeThread (712, ... 1, ) == 0x0 02456 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 165740544, 1048576, ) == 0x0 02457 2016 NtAllocateVirtualMemory (-1, 166780928, 0, 8192, 4096, 4, ... 166780928, 8192, ) == 0x0 02458 1120 NtWaitForSingleObject (128, 0, 0x0, ... 02459 2016 NtProtectVirtualMemory (-1, (0x9f0e000), 4096, 260, ... (0x9f0e000), 4096, 4, ) == 0x0 02460 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
716, {896, 840}, ) == 0x0 02461 2016 NtQueryInformationThread (716, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1e000,Pid=896,Tid=840,}, 0x0, ) == 0x0 02462 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82029, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\200\3\0\0H\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\200\3\0\0H\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82030, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\200\3\0\0H\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\200\3\0\0H\3\0\0" ) ) == 0x0 02463 2016 NtResumeThread (716, ... 1, ) == 0x0 02464 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02465 840 NtWaitForSingleObject (128, 0, 0x0, ... 02464 2016 NtAllocateVirtualMemory ... 166789120, 1048576, ) == 0x0 02466 2016 NtAllocateVirtualMemory (-1, 167829504, 0, 8192, 4096, 4, ... 167829504, 8192, ) == 0x0 02467 2016 NtProtectVirtualMemory (-1, (0xa00e000), 4096, 260, ... (0xa00e000), 4096, 4, ) == 0x0 02468 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 720, {896, 876}, ) == 0x0 02469 2016 NtQueryInformationThread (720, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1d000,Pid=896,Tid=876,}, 0x0, ) == 0x0 02470 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82030, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\200\3\0\0l\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\200\3\0\0l\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82031, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\200\3\0\0l\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\200\3\0\0l\3\0\0" ) ) == 0x0 02471 2016 NtResumeThread (720, ... 
1, ) == 0x0 02472 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 167837696, 1048576, ) == 0x0 02473 2016 NtAllocateVirtualMemory (-1, 168878080, 0, 8192, 4096, 4, ... 168878080, 8192, ) == 0x0 02474 876 NtWaitForSingleObject (128, 0, 0x0, ... 02475 2016 NtProtectVirtualMemory (-1, (0xa10e000), 4096, 260, ... (0xa10e000), 4096, 4, ) == 0x0 02476 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 724, {896, 1104}, ) == 0x0 02477 2016 NtQueryInformationThread (724, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1c000,Pid=896,Tid=1104,}, 0x0, ) == 0x0 02478 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82031, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\200\3\0\0P\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\200\3\0\0P\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82032, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\200\3\0\0P\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\200\3\0\0P\4\0\0" ) ) == 0x0 02479 2016 NtResumeThread (724, ... 1, ) == 0x0 02480 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02481 1104 NtWaitForSingleObject (128, 0, 0x0, ... 02480 2016 NtAllocateVirtualMemory ... 168886272, 1048576, ) == 0x0 02482 2016 NtAllocateVirtualMemory (-1, 169926656, 0, 8192, 4096, 4, ... 169926656, 8192, ) == 0x0 02483 2016 NtProtectVirtualMemory (-1, (0xa20e000), 4096, 260, ... (0xa20e000), 4096, 4, ) == 0x0 02484 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 728, {896, 860}, ) == 0x0 02485 2016 NtQueryInformationThread (728, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1b000,Pid=896,Tid=860,}, 0x0, ) == 0x0 02486 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82032, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\200\3\0\0\\3\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\200\3\0\0\\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82033, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\200\3\0\0\\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\200\3\0\0\\3\0\0" ) ) == 0x0 02487 2016 NtResumeThread (728, ... 1, ) == 0x0 02488 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02489 860 NtWaitForSingleObject (128, 0, 0x0, ... 02488 2016 NtAllocateVirtualMemory ... 169934848, 1048576, ) == 0x0 02490 2016 NtAllocateVirtualMemory (-1, 170975232, 0, 8192, 4096, 4, ... 170975232, 8192, ) == 0x0 02491 2016 NtProtectVirtualMemory (-1, (0xa30e000), 4096, 260, ... (0xa30e000), 4096, 4, ) == 0x0 02492 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 732, {896, 1516}, ) == 0x0 02493 2016 NtQueryInformationThread (732, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1a000,Pid=896,Tid=1516,}, 0x0, ) == 0x0 02494 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82033, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\200\3\0\0\354\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\200\3\0\0\354\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82034, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\200\3\0\0\354\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\200\3\0\0\354\5\0\0" ) ) == 0x0 02495 2016 NtResumeThread (732, ... 1, ) == 0x0 02496 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 170983424, 1048576, ) == 0x0 02497 2016 NtAllocateVirtualMemory (-1, 172023808, 0, 8192, 4096, 4, ... 172023808, 8192, ) == 0x0 02498 1516 NtWaitForSingleObject (128, 0, 0x0, ... 02499 2016 NtProtectVirtualMemory (-1, (0xa40e000), 4096, 260, ... 
(0xa40e000), 4096, 4, ) == 0x0 02500 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 736, {896, 780}, ) == 0x0 02501 2016 NtQueryInformationThread (736, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff19000,Pid=896,Tid=780,}, 0x0, ) == 0x0 02502 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82034, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\200\3\0\0\14\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\200\3\0\0\14\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82035, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\200\3\0\0\14\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\200\3\0\0\14\3\0\0" ) ) == 0x0 02503 2016 NtResumeThread (736, ... 1, ) == 0x0 02504 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02505 780 NtWaitForSingleObject (128, 0, 0x0, ... 02504 2016 NtAllocateVirtualMemory ... 172032000, 1048576, ) == 0x0 02506 2016 NtAllocateVirtualMemory (-1, 173072384, 0, 8192, 4096, 4, ... 173072384, 8192, ) == 0x0 02507 2016 NtProtectVirtualMemory (-1, (0xa50e000), 4096, 260, ... (0xa50e000), 4096, 4, ) == 0x0 02508 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 740, {896, 940}, ) == 0x0 02509 2016 NtQueryInformationThread (740, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff18000,Pid=896,Tid=940,}, 0x0, ) == 0x0 02510 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82035, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\200\3\0\0\254\3\0\0" ... {28, 56, reply, 0, 896, 2016, 82036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\200\3\0\0\254\3\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82036, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\200\3\0\0\254\3\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\200\3\0\0\254\3\0\0" ) ) == 0x0 02511 2016 NtResumeThread (740, ... 1, ) == 0x0 02512 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 173080576, 1048576, ) == 0x0 02513 2016 NtAllocateVirtualMemory (-1, 174120960, 0, 8192, 4096, 4, ... 174120960, 8192, ) == 0x0 02514 940 NtWaitForSingleObject (128, 0, 0x0, ... 02515 2016 NtProtectVirtualMemory (-1, (0xa60e000), 4096, 260, ... (0xa60e000), 4096, 4, ) == 0x0 02516 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 744, {896, 1268}, ) == 0x0 02517 2016 NtQueryInformationThread (744, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff17000,Pid=896,Tid=1268,}, 0x0, ) == 0x0 02518 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82036, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\200\3\0\0\364\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\200\3\0\0\364\4\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82037, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\200\3\0\0\364\4\0\0" ... {28, 56, reply, 0, 896, 2016, 82037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\200\3\0\0\364\4\0\0" ) ) == 0x0 02519 2016 NtResumeThread (744, ... 1, ) == 0x0 02520 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02521 1268 NtWaitForSingleObject (128, 0, 0x0, ... 02520 2016 NtAllocateVirtualMemory ... 174129152, 1048576, ) == 0x0 02522 2016 NtAllocateVirtualMemory (-1, 175169536, 0, 8192, 4096, 4, ... 175169536, 8192, ) == 0x0 02523 2016 NtProtectVirtualMemory (-1, (0xa70e000), 4096, 260, ... (0xa70e000), 4096, 4, ) == 0x0 02524 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 748, {896, 644}, ) == 0x0 02525 2016 NtQueryInformationThread (748, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff16000,Pid=896,Tid=644,}, 0x0, ) == 0x0 02526 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82037, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\200\3\0\0\204\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\200\3\0\0\204\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82038, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\200\3\0\0\204\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\200\3\0\0\204\2\0\0" ) ) == 0x0 02527 2016 NtResumeThread (748, ... 1, ) == 0x0 02528 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 175177728, 1048576, ) == 0x0 02529 2016 NtAllocateVirtualMemory (-1, 176218112, 0, 8192, 4096, 4, ... 176218112, 8192, ) == 0x0 02530 644 NtWaitForSingleObject (128, 0, 0x0, ... 02531 2016 NtProtectVirtualMemory (-1, (0xa80e000), 4096, 260, ... (0xa80e000), 4096, 4, ) == 0x0 02532 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 752, {896, 1736}, ) == 0x0 02533 2016 NtQueryInformationThread (752, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff15000,Pid=896,Tid=1736,}, 0x0, ) == 0x0 02534 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82038, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\200\3\0\0\310\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\200\3\0\0\310\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82039, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\200\3\0\0\310\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\200\3\0\0\310\6\0\0" ) ) == 0x0 02535 2016 NtResumeThread (752, ... 1, ) == 0x0 02536 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02537 1736 NtWaitForSingleObject (128, 0, 0x0, ... 
02536 2016 NtAllocateVirtualMemory ... 176226304, 1048576, ) == 0x0 02538 2016 NtAllocateVirtualMemory (-1, 177266688, 0, 8192, 4096, 4, ... 177266688, 8192, ) == 0x0 02539 2016 NtProtectVirtualMemory (-1, (0xa90e000), 4096, 260, ... (0xa90e000), 4096, 4, ) == 0x0 02540 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 756, {896, 320}, ) == 0x0 02541 2016 NtQueryInformationThread (756, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff14000,Pid=896,Tid=320,}, 0x0, ) == 0x0 02542 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82039, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\200\3\0\0@\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\200\3\0\0@\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82040, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\200\3\0\0@\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\200\3\0\0@\1\0\0" ) ) == 0x0 02543 2016 NtResumeThread (756, ... 1, ) == 0x0 02544 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 177274880, 1048576, ) == 0x0 02545 2016 NtAllocateVirtualMemory (-1, 178315264, 0, 8192, 4096, 4, ... 178315264, 8192, ) == 0x0 02546 320 NtWaitForSingleObject (128, 0, 0x0, ... 02547 2016 NtProtectVirtualMemory (-1, (0xaa0e000), 4096, 260, ... (0xaa0e000), 4096, 4, ) == 0x0 02548 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 760, {896, 380}, ) == 0x0 02549 2016 NtQueryInformationThread (760, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff13000,Pid=896,Tid=380,}, 0x0, ) == 0x0 02550 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82040, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\200\3\0\0|\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\200\3\0\0|\1\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82041, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\200\3\0\0|\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\200\3\0\0|\1\0\0" ) ) == 0x0 02551 2016 NtResumeThread (760, ... 1, ) == 0x0 02552 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02553 380 NtWaitForSingleObject (128, 0, 0x0, ... 02552 2016 NtAllocateVirtualMemory ... 178323456, 1048576, ) == 0x0 02554 2016 NtAllocateVirtualMemory (-1, 179363840, 0, 8192, 4096, 4, ... 179363840, 8192, ) == 0x0 02555 2016 NtProtectVirtualMemory (-1, (0xab0e000), 4096, 260, ... (0xab0e000), 4096, 4, ) == 0x0 02556 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 764, {896, 1336}, ) == 0x0 02557 2016 NtQueryInformationThread (764, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff12000,Pid=896,Tid=1336,}, 0x0, ) == 0x0 02558 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82041, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\200\3\0\08\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\200\3\0\08\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82042, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\200\3\0\08\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\200\3\0\08\5\0\0" ) ) == 0x0 02559 2016 NtResumeThread (764, ... 1, ) == 0x0 02560 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 179372032, 1048576, ) == 0x0 02561 2016 NtAllocateVirtualMemory (-1, 180412416, 0, 8192, 4096, 4, ... 180412416, 8192, ) == 0x0 02562 1336 NtWaitForSingleObject (128, 0, 0x0, ... 02563 2016 NtProtectVirtualMemory (-1, (0xac0e000), 4096, 260, ... (0xac0e000), 4096, 4, ) == 0x0 02564 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
768, {896, 1808}, ) == 0x0 02565 2016 NtQueryInformationThread (768, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff11000,Pid=896,Tid=1808,}, 0x0, ) == 0x0 02566 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82042, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\200\3\0\0\20\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\200\3\0\0\20\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82043, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\200\3\0\0\20\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\200\3\0\0\20\7\0\0" ) ) == 0x0 02567 2016 NtResumeThread (768, ... 1, ) == 0x0 02568 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02569 1808 NtWaitForSingleObject (128, 0, 0x0, ... 02568 2016 NtAllocateVirtualMemory ... 180420608, 1048576, ) == 0x0 02570 2016 NtAllocateVirtualMemory (-1, 181460992, 0, 8192, 4096, 4, ... 181460992, 8192, ) == 0x0 02571 2016 NtProtectVirtualMemory (-1, (0xad0e000), 4096, 260, ... (0xad0e000), 4096, 4, ) == 0x0 02572 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 772, {896, 468}, ) == 0x0 02573 2016 NtQueryInformationThread (772, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff10000,Pid=896,Tid=468,}, 0x0, ) == 0x0 02574 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82043, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\200\3\0\0\324\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\200\3\0\0\324\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82044, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\200\3\0\0\324\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\200\3\0\0\324\1\0\0" ) ) == 0x0 02575 2016 NtResumeThread (772, ... 
1, ) == 0x0 02576 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 181469184, 1048576, ) == 0x0 02577 2016 NtAllocateVirtualMemory (-1, 182509568, 0, 8192, 4096, 4, ... 182509568, 8192, ) == 0x0 02578 468 NtWaitForSingleObject (128, 0, 0x0, ... 02579 2016 NtProtectVirtualMemory (-1, (0xae0e000), 4096, 260, ... (0xae0e000), 4096, 4, ) == 0x0 02580 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 776, {896, 1332}, ) == 0x0 02581 2016 NtQueryInformationThread (776, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0f000,Pid=896,Tid=1332,}, 0x0, ) == 0x0 02582 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82044, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\200\3\0\04\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\200\3\0\04\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82045, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\200\3\0\04\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\200\3\0\04\5\0\0" ) ) == 0x0 02583 2016 NtResumeThread (776, ... 1, ) == 0x0 02584 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 182517760, 1048576, ) == 0x0 02585 2016 NtAllocateVirtualMemory (-1, 183558144, 0, 8192, 4096, 4, ... 183558144, 8192, ) == 0x0 02586 1332 NtWaitForSingleObject (128, 0, 0x0, ... 02587 2016 NtProtectVirtualMemory (-1, (0xaf0e000), 4096, 260, ... (0xaf0e000), 4096, 4, ) == 0x0 02588 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 780, {896, 752}, ) == 0x0 02589 2016 NtQueryInformationThread (780, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0e000,Pid=896,Tid=752,}, 0x0, ) == 0x0 02590 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82045, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\200\3\0\0\360\2\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\200\3\0\0\360\2\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82046, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\200\3\0\0\360\2\0\0" ... {28, 56, reply, 0, 896, 2016, 82046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\200\3\0\0\360\2\0\0" ) ) == 0x0 02591 2016 NtResumeThread (780, ... 1, ) == 0x0 02592 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02593 752 NtWaitForSingleObject (128, 0, 0x0, ... 02592 2016 NtAllocateVirtualMemory ... 183566336, 1048576, ) == 0x0 02594 2016 NtAllocateVirtualMemory (-1, 184606720, 0, 8192, 4096, 4, ... 184606720, 8192, ) == 0x0 02595 2016 NtProtectVirtualMemory (-1, (0xb00e000), 4096, 260, ... (0xb00e000), 4096, 4, ) == 0x0 02596 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 784, {896, 1512}, ) == 0x0 02597 2016 NtQueryInformationThread (784, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0d000,Pid=896,Tid=1512,}, 0x0, ) == 0x0 02598 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82046, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\200\3\0\0\350\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\200\3\0\0\350\5\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82047, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\200\3\0\0\350\5\0\0" ... {28, 56, reply, 0, 896, 2016, 82047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\200\3\0\0\350\5\0\0" ) ) == 0x0 02599 2016 NtResumeThread (784, ... 1, ) == 0x0 02600 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 184614912, 1048576, ) == 0x0 02601 2016 NtAllocateVirtualMemory (-1, 185655296, 0, 8192, 4096, 4, ... 185655296, 8192, ) == 0x0 02602 1512 NtWaitForSingleObject (128, 0, 0x0, ... 02603 2016 NtProtectVirtualMemory (-1, (0xb10e000), 4096, 260, ... 
(0xb10e000), 4096, 4, ) == 0x0 02604 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 788, {896, 1564}, ) == 0x0 02605 2016 NtQueryInformationThread (788, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0c000,Pid=896,Tid=1564,}, 0x0, ) == 0x0 02606 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82047, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\200\3\0\0\34\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\200\3\0\0\34\6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82048, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\200\3\0\0\34\6\0\0" ... {28, 56, reply, 0, 896, 2016, 82048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\200\3\0\0\34\6\0\0" ) ) == 0x0 02607 2016 NtResumeThread (788, ... 1, ) == 0x0 02608 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02609 1564 NtWaitForSingleObject (128, 0, 0x0, ... 02608 2016 NtAllocateVirtualMemory ... 185663488, 1048576, ) == 0x0 02610 2016 NtAllocateVirtualMemory (-1, 186703872, 0, 8192, 4096, 4, ... 186703872, 8192, ) == 0x0 02611 2016 NtProtectVirtualMemory (-1, (0xb20e000), 4096, 260, ... (0xb20e000), 4096, 4, ) == 0x0 02612 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 792, {896, 164}, ) == 0x0 02613 2016 NtQueryInformationThread (792, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0b000,Pid=896,Tid=164,}, 0x0, ) == 0x0 02614 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82048, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\200\3\0\0\244\0\0\0" ... {28, 56, reply, 0, 896, 2016, 82049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\200\3\0\0\244\0\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82049, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\200\3\0\0\244\0\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\200\3\0\0\244\0\0\0" ) ) == 0x0 02615 2016 NtResumeThread (792, ... 1, ) == 0x0 02616 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 186712064, 1048576, ) == 0x0 02617 2016 NtAllocateVirtualMemory (-1, 187752448, 0, 8192, 4096, 4, ... 187752448, 8192, ) == 0x0 02618 164 NtWaitForSingleObject (128, 0, 0x0, ... 02619 2016 NtProtectVirtualMemory (-1, (0xb30e000), 4096, 260, ... (0xb30e000), 4096, 4, ) == 0x0 02620 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 796, {896, 312}, ) == 0x0 02621 2016 NtQueryInformationThread (796, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0a000,Pid=896,Tid=312,}, 0x0, ) == 0x0 02622 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82049, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\200\3\0\08\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\200\3\0\08\1\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82050, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\200\3\0\08\1\0\0" ... {28, 56, reply, 0, 896, 2016, 82050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\200\3\0\08\1\0\0" ) ) == 0x0 02623 2016 NtResumeThread (796, ... 1, ) == 0x0 02624 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 187760640, 1048576, ) == 0x0 02625 2016 NtAllocateVirtualMemory (-1, 188801024, 0, 8192, 4096, 4, ... 188801024, 8192, ) == 0x0 02626 312 NtWaitForSingleObject (128, 0, 0x0, ... 02627 2016 NtProtectVirtualMemory (-1, (0xb40e000), 4096, 260, ... (0xb40e000), 4096, 4, ) == 0x0 02628 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 800, {896, 1964}, ) == 0x0 02629 2016 NtQueryInformationThread (800, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff09000,Pid=896,Tid=1964,}, 0x0, ) == 0x0 02630 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82050, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\200\3\0\0\254\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\200\3\0\0\254\7\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82051, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\200\3\0\0\254\7\0\0" ... {28, 56, reply, 0, 896, 2016, 82051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\200\3\0\0\254\7\0\0" ) ) == 0x0 02631 2016 NtResumeThread (800, ... 1, ) == 0x0 02632 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02633 1964 NtWaitForSingleObject (128, 0, 0x0, ... 02632 2016 NtAllocateVirtualMemory ... 188809216, 1048576, ) == 0x0 02634 2016 NtAllocateVirtualMemory (-1, 189849600, 0, 8192, 4096, 4, ... 189849600, 8192, ) == 0x0 02635 2016 NtProtectVirtualMemory (-1, (0xb50e000), 4096, 260, ... (0xb50e000), 4096, 4, ) == 0x0 02636 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 804, {896, 1568}, ) == 0x0 02637 2016 NtQueryInformationThread (804, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff08000,Pid=896,Tid=1568,}, 0x0, ) == 0x0 02638 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82051, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\200\3\0\0 \6\0\0" ... {28, 56, reply, 0, 896, 2016, 82052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\200\3\0\0 \6\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82052, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\200\3\0\0 \6\0\0" ... {28, 56, reply, 0, 896, 2016, 82052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\200\3\0\0 \6\0\0" ) ) == 0x0 02639 2016 NtResumeThread (804, ... 1, ) == 0x0 02640 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
189857792, 1048576, ) == 0x0 02641 2016 NtAllocateVirtualMemory (-1, 190898176, 0, 8192, 4096, 4, ... 190898176, 8192, ) == 0x0 02642 1568 NtWaitForSingleObject (128, 0, 0x0, ... 02643 2016 NtProtectVirtualMemory (-1, (0xb60e000), 4096, 260, ... (0xb60e000), 4096, 4, ) == 0x0 02644 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 808, {896, 2052}, ) == 0x0 02645 2016 NtQueryInformationThread (808, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff07000,Pid=896,Tid=2052,}, 0x0, ) == 0x0 02646 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82052, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\200\3\0\0\4\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\200\3\0\0\4\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82053, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\200\3\0\0\4\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\200\3\0\0\4\10\0\0" ) ) == 0x0 02647 2016 NtResumeThread (808, ... 1, ) == 0x0 02648 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02649 2052 NtWaitForSingleObject (128, 0, 0x0, ... 02648 2016 NtAllocateVirtualMemory ... 190906368, 1048576, ) == 0x0 02650 2016 NtAllocateVirtualMemory (-1, 191946752, 0, 8192, 4096, 4, ... 191946752, 8192, ) == 0x0 02651 2016 NtProtectVirtualMemory (-1, (0xb70e000), 4096, 260, ... (0xb70e000), 4096, 4, ) == 0x0 02652 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 812, {896, 2056}, ) == 0x0 02653 2016 NtQueryInformationThread (812, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff06000,Pid=896,Tid=2056,}, 0x0, ) == 0x0 02654 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82053, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\200\3\0\0\10\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\200\3\0\0\10\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82054, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\200\3\0\0\10\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\200\3\0\0\10\10\0\0" ) ) == 0x0 02655 2016 NtResumeThread (812, ... 1, ) == 0x0 02656 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 191954944, 1048576, ) == 0x0 02657 2016 NtAllocateVirtualMemory (-1, 192995328, 0, 8192, 4096, 4, ... 192995328, 8192, ) == 0x0 02658 2056 NtWaitForSingleObject (128, 0, 0x0, ... 02659 2016 NtProtectVirtualMemory (-1, (0xb80e000), 4096, 260, ... (0xb80e000), 4096, 4, ) == 0x0 02660 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 816, {896, 2060}, ) == 0x0 02661 2016 NtQueryInformationThread (816, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff05000,Pid=896,Tid=2060,}, 0x0, ) == 0x0 02662 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82054, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\200\3\0\0\14\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\200\3\0\0\14\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82055, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\200\3\0\0\14\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\200\3\0\0\14\10\0\0" ) ) == 0x0 02663 2016 NtResumeThread (816, ... 1, ) == 0x0 02664 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02665 2060 NtWaitForSingleObject (128, 0, 0x0, ... 02664 2016 NtAllocateVirtualMemory ... 193003520, 1048576, ) == 0x0 02666 2016 NtAllocateVirtualMemory (-1, 194043904, 0, 8192, 4096, 4, ... 194043904, 8192, ) == 0x0 02667 2016 NtProtectVirtualMemory (-1, (0xb90e000), 4096, 260, ... 
(0xb90e000), 4096, 4, ) == 0x0 02668 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 820, {896, 2064}, ) == 0x0 02669 2016 NtQueryInformationThread (820, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff04000,Pid=896,Tid=2064,}, 0x0, ) == 0x0 02670 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82055, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\200\3\0\0\20\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\200\3\0\0\20\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82056, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\200\3\0\0\20\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\200\3\0\0\20\10\0\0" ) ) == 0x0 02671 2016 NtResumeThread (820, ... 1, ) == 0x0 02672 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 194052096, 1048576, ) == 0x0 02673 2016 NtAllocateVirtualMemory (-1, 195092480, 0, 8192, 4096, 4, ... 195092480, 8192, ) == 0x0 02674 2064 NtWaitForSingleObject (128, 0, 0x0, ... 02675 2016 NtProtectVirtualMemory (-1, (0xba0e000), 4096, 260, ... (0xba0e000), 4096, 4, ) == 0x0 02676 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 824, {896, 2068}, ) == 0x0 02677 2016 NtQueryInformationThread (824, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff03000,Pid=896,Tid=2068,}, 0x0, ) == 0x0 02678 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82056, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\200\3\0\0\24\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\200\3\0\0\24\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82057, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\200\3\0\0\24\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\200\3\0\0\24\10\0\0" ) ) == 0x0 02679 2016 NtResumeThread (824, ... 1, ) == 0x0 02680 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02681 2068 NtWaitForSingleObject (128, 0, 0x0, ... 02680 2016 NtAllocateVirtualMemory ... 195100672, 1048576, ) == 0x0 02682 2016 NtAllocateVirtualMemory (-1, 196141056, 0, 8192, 4096, 4, ... 196141056, 8192, ) == 0x0 02683 2016 NtProtectVirtualMemory (-1, (0xbb0e000), 4096, 260, ... (0xbb0e000), 4096, 4, ) == 0x0 02684 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 828, {896, 2072}, ) == 0x0 02685 2016 NtQueryInformationThread (828, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff02000,Pid=896,Tid=2072,}, 0x0, ) == 0x0 02686 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82057, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\200\3\0\0\30\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\200\3\0\0\30\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82058, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\200\3\0\0\30\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\200\3\0\0\30\10\0\0" ) ) == 0x0 02687 2016 NtResumeThread (828, ... 1, ) == 0x0 02688 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 196149248, 1048576, ) == 0x0 02689 2016 NtAllocateVirtualMemory (-1, 197189632, 0, 8192, 4096, 4, ... 197189632, 8192, ) == 0x0 02690 2072 NtWaitForSingleObject (128, 0, 0x0, ... 02691 2016 NtProtectVirtualMemory (-1, (0xbc0e000), 4096, 260, ... (0xbc0e000), 4096, 4, ) == 0x0 02692 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 832, {896, 2076}, ) == 0x0 02693 2016 NtQueryInformationThread (832, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff01000,Pid=896,Tid=2076,}, 0x0, ) == 0x0 02694 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82058, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\200\3\0\0\34\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\200\3\0\0\34\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82059, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\200\3\0\0\34\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\200\3\0\0\34\10\0\0" ) ) == 0x0 02695 2016 NtResumeThread (832, ... 1, ) == 0x0 02696 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02697 2076 NtWaitForSingleObject (128, 0, 0x0, ... 02696 2016 NtAllocateVirtualMemory ... 197197824, 1048576, ) == 0x0 02698 2016 NtAllocateVirtualMemory (-1, 198238208, 0, 8192, 4096, 4, ... 198238208, 8192, ) == 0x0 02699 2016 NtProtectVirtualMemory (-1, (0xbd0e000), 4096, 260, ... (0xbd0e000), 4096, 4, ) == 0x0 02700 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 836, {896, 2080}, ) == 0x0 02701 2016 NtQueryInformationThread (836, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff00000,Pid=896,Tid=2080,}, 0x0, ) == 0x0 02702 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82059, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\200\3\0\0 \10\0\0" ... {28, 56, reply, 0, 896, 2016, 82060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\200\3\0\0 \10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82060, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\200\3\0\0 \10\0\0" ... {28, 56, reply, 0, 896, 2016, 82060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\200\3\0\0 \10\0\0" ) ) == 0x0 02703 2016 NtResumeThread (836, ... 1, ) == 0x0 02704 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
198246400, 1048576, ) == 0x0 02705 2016 NtAllocateVirtualMemory (-1, 199286784, 0, 8192, 4096, 4, ... 199286784, 8192, ) == 0x0 02706 2080 NtWaitForSingleObject (128, 0, 0x0, ... 02707 2016 NtProtectVirtualMemory (-1, (0xbe0e000), 4096, 260, ... (0xbe0e000), 4096, 4, ) == 0x0 02708 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 840, {896, 2084}, ) == 0x0 02709 2016 NtQueryInformationThread (840, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feff000,Pid=896,Tid=2084,}, 0x0, ) == 0x0 02710 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82060, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\200\3\0\0$\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\200\3\0\0$\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82061, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\200\3\0\0$\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\200\3\0\0$\10\0\0" ) ) == 0x0 02711 2016 NtResumeThread (840, ... 1, ) == 0x0 02712 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02713 2084 NtWaitForSingleObject (128, 0, 0x0, ... 02712 2016 NtAllocateVirtualMemory ... 199294976, 1048576, ) == 0x0 02714 2016 NtAllocateVirtualMemory (-1, 200335360, 0, 8192, 4096, 4, ... 200335360, 8192, ) == 0x0 02715 2016 NtProtectVirtualMemory (-1, (0xbf0e000), 4096, 260, ... (0xbf0e000), 4096, 4, ) == 0x0 02716 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 844, {896, 2088}, ) == 0x0 02717 2016 NtQueryInformationThread (844, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefe000,Pid=896,Tid=2088,}, 0x0, ) == 0x0 02718 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82061, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\200\3\0\0(\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\200\3\0\0(\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82062, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\200\3\0\0(\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\200\3\0\0(\10\0\0" ) ) == 0x0 02719 2016 NtResumeThread (844, ... 1, ) == 0x0 02720 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 200343552, 1048576, ) == 0x0 02721 2016 NtAllocateVirtualMemory (-1, 201383936, 0, 8192, 4096, 4, ... 201383936, 8192, ) == 0x0 02722 2088 NtWaitForSingleObject (128, 0, 0x0, ... 02723 2016 NtProtectVirtualMemory (-1, (0xc00e000), 4096, 260, ... (0xc00e000), 4096, 4, ) == 0x0 02724 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 848, {896, 2092}, ) == 0x0 02725 2016 NtQueryInformationThread (848, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefd000,Pid=896,Tid=2092,}, 0x0, ) == 0x0 02726 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82062, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\200\3\0\0,\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\200\3\0\0,\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82063, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\200\3\0\0,\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\200\3\0\0,\10\0\0" ) ) == 0x0 02727 2016 NtResumeThread (848, ... 1, ) == 0x0 02728 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02729 2092 NtWaitForSingleObject (128, 0, 0x0, ... 02728 2016 NtAllocateVirtualMemory ... 201392128, 1048576, ) == 0x0 02730 2016 NtAllocateVirtualMemory (-1, 202432512, 0, 8192, 4096, 4, ... 202432512, 8192, ) == 0x0 02731 2016 NtProtectVirtualMemory (-1, (0xc10e000), 4096, 260, ... 
(0xc10e000), 4096, 4, ) == 0x0 02732 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 852, {896, 2096}, ) == 0x0 02733 2016 NtQueryInformationThread (852, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefc000,Pid=896,Tid=2096,}, 0x0, ) == 0x0 02734 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82063, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\200\3\0\00\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\200\3\0\00\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82064, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\200\3\0\00\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\200\3\0\00\10\0\0" ) ) == 0x0 02735 2016 NtResumeThread (852, ... 1, ) == 0x0 02736 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 202440704, 1048576, ) == 0x0 02737 2016 NtAllocateVirtualMemory (-1, 203481088, 0, 8192, 4096, 4, ... 203481088, 8192, ) == 0x0 02738 2096 NtWaitForSingleObject (128, 0, 0x0, ... 02739 2016 NtProtectVirtualMemory (-1, (0xc20e000), 4096, 260, ... (0xc20e000), 4096, 4, ) == 0x0 02740 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 856, {896, 2100}, ) == 0x0 02741 2016 NtQueryInformationThread (856, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefb000,Pid=896,Tid=2100,}, 0x0, ) == 0x0 02742 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82064, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\200\3\0\04\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\200\3\0\04\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82065, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\200\3\0\04\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\200\3\0\04\10\0\0" ) ) == 0x0 02743 2016 NtResumeThread (856, ... 1, ) == 0x0 02744 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02745 2100 NtWaitForSingleObject (128, 0, 0x0, ... 02744 2016 NtAllocateVirtualMemory ... 203489280, 1048576, ) == 0x0 02746 2016 NtAllocateVirtualMemory (-1, 204529664, 0, 8192, 4096, 4, ... 204529664, 8192, ) == 0x0 02747 2016 NtProtectVirtualMemory (-1, (0xc30e000), 4096, 260, ... (0xc30e000), 4096, 4, ) == 0x0 02748 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 860, {896, 2104}, ) == 0x0 02749 2016 NtQueryInformationThread (860, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefa000,Pid=896,Tid=2104,}, 0x0, ) == 0x0 02750 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82065, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\200\3\0\08\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\200\3\0\08\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82066, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\200\3\0\08\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\200\3\0\08\10\0\0" ) ) == 0x0 02751 2016 NtResumeThread (860, ... 1, ) == 0x0 02752 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 204537856, 1048576, ) == 0x0 02753 2016 NtAllocateVirtualMemory (-1, 205578240, 0, 8192, 4096, 4, ... 205578240, 8192, ) == 0x0 02754 2104 NtWaitForSingleObject (128, 0, 0x0, ... 02755 2016 NtProtectVirtualMemory (-1, (0xc40e000), 4096, 260, ... (0xc40e000), 4096, 4, ) == 0x0 02756 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 864, {896, 2108}, ) == 0x0 02757 2016 NtQueryInformationThread (864, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fef9000,Pid=896,Tid=2108,}, 0x0, ) == 0x0 02758 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82066, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\200\3\0\0<\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\200\3\0\0<\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82067, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\200\3\0\0<\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\200\3\0\0<\10\0\0" ) ) == 0x0 02759 2016 NtResumeThread (864, ... 1, ) == 0x0 02760 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02761 2108 NtWaitForSingleObject (128, 0, 0x0, ... 02760 2016 NtAllocateVirtualMemory ... 205586432, 1048576, ) == 0x0 02762 2016 NtAllocateVirtualMemory (-1, 206626816, 0, 8192, 4096, 4, ... 206626816, 8192, ) == 0x0 02763 2016 NtProtectVirtualMemory (-1, (0xc50e000), 4096, 260, ... (0xc50e000), 4096, 4, ) == 0x0 02764 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 868, {896, 2112}, ) == 0x0 02765 2016 NtQueryInformationThread (868, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef8000,Pid=896,Tid=2112,}, 0x0, ) == 0x0 02766 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82067, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\200\3\0\0@\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\200\3\0\0@\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82068, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\200\3\0\0@\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\200\3\0\0@\10\0\0" ) ) == 0x0 02767 2016 NtResumeThread (868, ... 1, ) == 0x0 02768 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
206635008, 1048576, ) == 0x0 02769 2016 NtAllocateVirtualMemory (-1, 207675392, 0, 8192, 4096, 4, ... 207675392, 8192, ) == 0x0 02770 2112 NtWaitForSingleObject (128, 0, 0x0, ... 02771 2016 NtProtectVirtualMemory (-1, (0xc60e000), 4096, 260, ... (0xc60e000), 4096, 4, ) == 0x0 02772 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 872, {896, 2116}, ) == 0x0 02773 2016 NtQueryInformationThread (872, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef7000,Pid=896,Tid=2116,}, 0x0, ) == 0x0 02774 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82068, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\200\3\0\0D\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\200\3\0\0D\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82069, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\200\3\0\0D\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\200\3\0\0D\10\0\0" ) ) == 0x0 02775 2016 NtResumeThread (872, ... 1, ) == 0x0 02776 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 207683584, 1048576, ) == 0x0 02777 2016 NtAllocateVirtualMemory (-1, 208723968, 0, 8192, 4096, 4, ... 208723968, 8192, ) == 0x0 02778 2116 NtWaitForSingleObject (128, 0, 0x0, ... 02779 2016 NtProtectVirtualMemory (-1, (0xc70e000), 4096, 260, ... (0xc70e000), 4096, 4, ) == 0x0 02780 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 876, {896, 2120}, ) == 0x0 02781 2016 NtQueryInformationThread (876, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef6000,Pid=896,Tid=2120,}, 0x0, ) == 0x0 02782 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82069, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\200\3\0\0H\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\200\3\0\0H\10\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82070, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\200\3\0\0H\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\200\3\0\0H\10\0\0" ) ) == 0x0 02783 2016 NtResumeThread (876, ... 1, ) == 0x0 02784 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02785 2120 NtWaitForSingleObject (128, 0, 0x0, ... 02784 2016 NtAllocateVirtualMemory ... 208732160, 1048576, ) == 0x0 02786 2016 NtAllocateVirtualMemory (-1, 209772544, 0, 8192, 4096, 4, ... 209772544, 8192, ) == 0x0 02787 2016 NtProtectVirtualMemory (-1, (0xc80e000), 4096, 260, ... (0xc80e000), 4096, 4, ) == 0x0 02788 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 880, {896, 2124}, ) == 0x0 02789 2016 NtQueryInformationThread (880, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef5000,Pid=896,Tid=2124,}, 0x0, ) == 0x0 02790 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82070, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\200\3\0\0L\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\200\3\0\0L\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82071, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\200\3\0\0L\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\200\3\0\0L\10\0\0" ) ) == 0x0 02791 2016 NtResumeThread (880, ... 1, ) == 0x0 02792 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 209780736, 1048576, ) == 0x0 02793 2016 NtAllocateVirtualMemory (-1, 210821120, 0, 8192, 4096, 4, ... 210821120, 8192, ) == 0x0 02794 2124 NtWaitForSingleObject (128, 0, 0x0, ... 02795 2016 NtProtectVirtualMemory (-1, (0xc90e000), 4096, 260, ... (0xc90e000), 4096, 4, ) == 0x0 02796 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
884, {896, 2128}, ) == 0x0 02797 2016 NtQueryInformationThread (884, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef4000,Pid=896,Tid=2128,}, 0x0, ) == 0x0 02798 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82071, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\200\3\0\0P\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\200\3\0\0P\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82072, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\200\3\0\0P\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\200\3\0\0P\10\0\0" ) ) == 0x0 02799 2016 NtResumeThread (884, ... 1, ) == 0x0 02800 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02801 2128 NtWaitForSingleObject (128, 0, 0x0, ... 02800 2016 NtAllocateVirtualMemory ... 210829312, 1048576, ) == 0x0 02802 2016 NtAllocateVirtualMemory (-1, 211869696, 0, 8192, 4096, 4, ... 211869696, 8192, ) == 0x0 02803 2016 NtProtectVirtualMemory (-1, (0xca0e000), 4096, 260, ... (0xca0e000), 4096, 4, ) == 0x0 02804 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 888, {896, 2132}, ) == 0x0 02805 2016 NtQueryInformationThread (888, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef3000,Pid=896,Tid=2132,}, 0x0, ) == 0x0 02806 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82072, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\200\3\0\0T\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\200\3\0\0T\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82073, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\200\3\0\0T\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\200\3\0\0T\10\0\0" ) ) == 0x0 02807 2016 NtResumeThread (888, ... 
1, ) == 0x0 02808 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 211877888, 1048576, ) == 0x0 02809 2016 NtAllocateVirtualMemory (-1, 212918272, 0, 8192, 4096, 4, ... 212918272, 8192, ) == 0x0 02810 2132 NtWaitForSingleObject (128, 0, 0x0, ... 02811 2016 NtProtectVirtualMemory (-1, (0xcb0e000), 4096, 260, ... (0xcb0e000), 4096, 4, ) == 0x0 02812 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 892, {896, 2136}, ) == 0x0 02813 2016 NtQueryInformationThread (892, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef2000,Pid=896,Tid=2136,}, 0x0, ) == 0x0 02814 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82073, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\200\3\0\0X\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\200\3\0\0X\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82074, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\200\3\0\0X\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\200\3\0\0X\10\0\0" ) ) == 0x0 02815 2016 NtResumeThread (892, ... 1, ) == 0x0 02816 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02817 2136 NtWaitForSingleObject (128, 0, 0x0, ... 02816 2016 NtAllocateVirtualMemory ... 212926464, 1048576, ) == 0x0 02818 2016 NtAllocateVirtualMemory (-1, 213966848, 0, 8192, 4096, 4, ... 213966848, 8192, ) == 0x0 02819 2016 NtProtectVirtualMemory (-1, (0xcc0e000), 4096, 260, ... (0xcc0e000), 4096, 4, ) == 0x0 02820 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 896, {896, 2140}, ) == 0x0 02821 2016 NtQueryInformationThread (896, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef1000,Pid=896,Tid=2140,}, 0x0, ) == 0x0 02822 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82074, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\200\3\0\0\\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\200\3\0\0\\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82075, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\200\3\0\0\\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\200\3\0\0\\10\0\0" ) ) == 0x0 02823 2016 NtResumeThread (896, ... 1, ) == 0x0 02824 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 213975040, 1048576, ) == 0x0 02825 2016 NtAllocateVirtualMemory (-1, 215015424, 0, 8192, 4096, 4, ... 215015424, 8192, ) == 0x0 02826 2140 NtWaitForSingleObject (128, 0, 0x0, ... 02827 2016 NtProtectVirtualMemory (-1, (0xcd0e000), 4096, 260, ... (0xcd0e000), 4096, 4, ) == 0x0 02828 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 900, {896, 2144}, ) == 0x0 02829 2016 NtQueryInformationThread (900, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef0000,Pid=896,Tid=2144,}, 0x0, ) == 0x0 02830 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82075, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\200\3\0\0`\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\200\3\0\0`\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82076, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\200\3\0\0`\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\200\3\0\0`\10\0\0" ) ) == 0x0 02831 2016 NtResumeThread (900, ... 1, ) == 0x0 02832 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02833 2144 NtWaitForSingleObject (128, 0, 0x0, ... 02832 2016 NtAllocateVirtualMemory ... 215023616, 1048576, ) == 0x0 02834 2016 NtAllocateVirtualMemory (-1, 216064000, 0, 8192, 4096, 4, ... 216064000, 8192, ) == 0x0 02835 2016 NtProtectVirtualMemory (-1, (0xce0e000), 4096, 260, ... 
(0xce0e000), 4096, 4, ) == 0x0 02836 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 904, {896, 2148}, ) == 0x0 02837 2016 NtQueryInformationThread (904, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feef000,Pid=896,Tid=2148,}, 0x0, ) == 0x0 02838 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82076, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\200\3\0\0d\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\200\3\0\0d\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82077, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\200\3\0\0d\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\200\3\0\0d\10\0\0" ) ) == 0x0 02839 2016 NtResumeThread (904, ... 1, ) == 0x0 02840 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 216072192, 1048576, ) == 0x0 02841 2016 NtAllocateVirtualMemory (-1, 217112576, 0, 8192, 4096, 4, ... 217112576, 8192, ) == 0x0 02842 2148 NtWaitForSingleObject (128, 0, 0x0, ... 02843 2016 NtProtectVirtualMemory (-1, (0xcf0e000), 4096, 260, ... (0xcf0e000), 4096, 4, ) == 0x0 02844 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 908, {896, 2152}, ) == 0x0 02845 2016 NtQueryInformationThread (908, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feee000,Pid=896,Tid=2152,}, 0x0, ) == 0x0 02846 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82077, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\200\3\0\0h\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\200\3\0\0h\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82078, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\200\3\0\0h\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\200\3\0\0h\10\0\0" ) ) == 0x0 02847 2016 NtResumeThread (908, ... 1, ) == 0x0 02848 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02849 2152 NtWaitForSingleObject (128, 0, 0x0, ... 02848 2016 NtAllocateVirtualMemory ... 217120768, 1048576, ) == 0x0 02850 2016 NtAllocateVirtualMemory (-1, 218161152, 0, 8192, 4096, 4, ... 218161152, 8192, ) == 0x0 02851 2016 NtProtectVirtualMemory (-1, (0xd00e000), 4096, 260, ... (0xd00e000), 4096, 4, ) == 0x0 02852 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 912, {896, 2156}, ) == 0x0 02853 2016 NtQueryInformationThread (912, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feed000,Pid=896,Tid=2156,}, 0x0, ) == 0x0 02854 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82078, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\200\3\0\0l\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\200\3\0\0l\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82079, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\200\3\0\0l\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\200\3\0\0l\10\0\0" ) ) == 0x0 02855 2016 NtResumeThread (912, ... 1, ) == 0x0 02856 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 218169344, 1048576, ) == 0x0 02857 2016 NtAllocateVirtualMemory (-1, 219209728, 0, 8192, 4096, 4, ... 219209728, 8192, ) == 0x0 02858 2156 NtWaitForSingleObject (128, 0, 0x0, ... 02859 2016 NtProtectVirtualMemory (-1, (0xd10e000), 4096, 260, ... (0xd10e000), 4096, 4, ) == 0x0 02860 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 916, {896, 2160}, ) == 0x0 02861 2016 NtQueryInformationThread (916, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feec000,Pid=896,Tid=2160,}, 0x0, ) == 0x0 02862 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82079, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\200\3\0\0p\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\200\3\0\0p\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82080, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\200\3\0\0p\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\200\3\0\0p\10\0\0" ) ) == 0x0 02863 2016 NtResumeThread (916, ... 1, ) == 0x0 02864 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02865 2160 NtWaitForSingleObject (128, 0, 0x0, ... 02864 2016 NtAllocateVirtualMemory ... 219217920, 1048576, ) == 0x0 02866 2016 NtAllocateVirtualMemory (-1, 220258304, 0, 8192, 4096, 4, ... 220258304, 8192, ) == 0x0 02867 2016 NtProtectVirtualMemory (-1, (0xd20e000), 4096, 260, ... (0xd20e000), 4096, 4, ) == 0x0 02868 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 920, {896, 2164}, ) == 0x0 02869 2016 NtQueryInformationThread (920, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feeb000,Pid=896,Tid=2164,}, 0x0, ) == 0x0 02870 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82080, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\200\3\0\0t\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\200\3\0\0t\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82081, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\200\3\0\0t\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\200\3\0\0t\10\0\0" ) ) == 0x0 02871 2016 NtResumeThread (920, ... 1, ) == 0x0 02872 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
220266496, 1048576, ) == 0x0 02873 2016 NtAllocateVirtualMemory (-1, 221306880, 0, 8192, 4096, 4, ... 221306880, 8192, ) == 0x0 02874 2164 NtWaitForSingleObject (128, 0, 0x0, ... 02875 2016 NtProtectVirtualMemory (-1, (0xd30e000), 4096, 260, ... (0xd30e000), 4096, 4, ) == 0x0 02876 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 924, {896, 2168}, ) == 0x0 02877 2016 NtQueryInformationThread (924, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feea000,Pid=896,Tid=2168,}, 0x0, ) == 0x0 02878 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82081, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\200\3\0\0x\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\200\3\0\0x\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82082, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\200\3\0\0x\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\200\3\0\0x\10\0\0" ) ) == 0x0 02879 2016 NtResumeThread (924, ... 1, ) == 0x0 02880 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02881 2168 NtWaitForSingleObject (128, 0, 0x0, ... 02880 2016 NtAllocateVirtualMemory ... 221315072, 1048576, ) == 0x0 02882 2016 NtAllocateVirtualMemory (-1, 222355456, 0, 8192, 4096, 4, ... 222355456, 8192, ) == 0x0 02883 2016 NtProtectVirtualMemory (-1, (0xd40e000), 4096, 260, ... (0xd40e000), 4096, 4, ) == 0x0 02884 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 928, {896, 2172}, ) == 0x0 02885 2016 NtQueryInformationThread (928, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee9000,Pid=896,Tid=2172,}, 0x0, ) == 0x0 02886 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82082, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\200\3\0\0|\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\200\3\0\0|\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82083, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\200\3\0\0|\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\200\3\0\0|\10\0\0" ) ) == 0x0 02887 2016 NtResumeThread (928, ... 1, ) == 0x0 02888 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 222363648, 1048576, ) == 0x0 02889 2016 NtAllocateVirtualMemory (-1, 223404032, 0, 8192, 4096, 4, ... 223404032, 8192, ) == 0x0 02890 2172 NtWaitForSingleObject (128, 0, 0x0, ... 02891 2016 NtProtectVirtualMemory (-1, (0xd50e000), 4096, 260, ... (0xd50e000), 4096, 4, ) == 0x0 02892 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 932, {896, 2176}, ) == 0x0 02893 2016 NtQueryInformationThread (932, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee8000,Pid=896,Tid=2176,}, 0x0, ) == 0x0 02894 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82083, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\200\3\0\0\200\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\200\3\0\0\200\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82084, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\200\3\0\0\200\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\200\3\0\0\200\10\0\0" ) ) == 0x0 02895 2016 NtResumeThread (932, ... 1, ) == 0x0 02896 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02897 2176 NtWaitForSingleObject (128, 0, 0x0, ... 02896 2016 NtAllocateVirtualMemory ... 223412224, 1048576, ) == 0x0 02898 2016 NtAllocateVirtualMemory (-1, 224452608, 0, 8192, 4096, 4, ... 224452608, 8192, ) == 0x0 02899 2016 NtProtectVirtualMemory (-1, (0xd60e000), 4096, 260, ... 
(0xd60e000), 4096, 4, ) == 0x0 02900 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 936, {896, 2180}, ) == 0x0 02901 2016 NtQueryInformationThread (936, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee7000,Pid=896,Tid=2180,}, 0x0, ) == 0x0 02902 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82084, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\200\3\0\0\204\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\200\3\0\0\204\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82085, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\200\3\0\0\204\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\200\3\0\0\204\10\0\0" ) ) == 0x0 02903 2016 NtResumeThread (936, ... 1, ) == 0x0 02904 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 224460800, 1048576, ) == 0x0 02905 2016 NtAllocateVirtualMemory (-1, 225501184, 0, 8192, 4096, 4, ... 225501184, 8192, ) == 0x0 02906 2180 NtWaitForSingleObject (128, 0, 0x0, ... 02907 2016 NtProtectVirtualMemory (-1, (0xd70e000), 4096, 260, ... (0xd70e000), 4096, 4, ) == 0x0 02908 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 940, {896, 2184}, ) == 0x0 02909 2016 NtQueryInformationThread (940, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee6000,Pid=896,Tid=2184,}, 0x0, ) == 0x0 02910 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82085, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\200\3\0\0\210\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\200\3\0\0\210\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82086, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\200\3\0\0\210\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\200\3\0\0\210\10\0\0" ) ) == 0x0 02911 2016 NtResumeThread (940, ... 1, ) == 0x0 02912 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02913 2184 NtWaitForSingleObject (128, 0, 0x0, ... 02912 2016 NtAllocateVirtualMemory ... 225509376, 1048576, ) == 0x0 02914 2016 NtAllocateVirtualMemory (-1, 226549760, 0, 8192, 4096, 4, ... 226549760, 8192, ) == 0x0 02915 2016 NtProtectVirtualMemory (-1, (0xd80e000), 4096, 260, ... (0xd80e000), 4096, 4, ) == 0x0 02916 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 944, {896, 2188}, ) == 0x0 02917 2016 NtQueryInformationThread (944, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee5000,Pid=896,Tid=2188,}, 0x0, ) == 0x0 02918 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82086, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\200\3\0\0\214\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\200\3\0\0\214\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82087, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\200\3\0\0\214\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\200\3\0\0\214\10\0\0" ) ) == 0x0 02919 2016 NtResumeThread (944, ... 1, ) == 0x0 02920 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 226557952, 1048576, ) == 0x0 02921 2016 NtAllocateVirtualMemory (-1, 227598336, 0, 8192, 4096, 4, ... 227598336, 8192, ) == 0x0 02922 2188 NtWaitForSingleObject (128, 0, 0x0, ... 02923 2016 NtProtectVirtualMemory (-1, (0xd90e000), 4096, 260, ... (0xd90e000), 4096, 4, ) == 0x0 02924 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 948, {896, 2192}, ) == 0x0 02925 2016 NtQueryInformationThread (948, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fee4000,Pid=896,Tid=2192,}, 0x0, ) == 0x0 02926 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82087, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\200\3\0\0\220\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\200\3\0\0\220\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82088, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\200\3\0\0\220\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\200\3\0\0\220\10\0\0" ) ) == 0x0 02927 2016 NtResumeThread (948, ... 1, ) == 0x0 02928 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02929 2192 NtWaitForSingleObject (128, 0, 0x0, ... 02928 2016 NtAllocateVirtualMemory ... 227606528, 1048576, ) == 0x0 02930 2016 NtAllocateVirtualMemory (-1, 228646912, 0, 8192, 4096, 4, ... 228646912, 8192, ) == 0x0 02931 2016 NtProtectVirtualMemory (-1, (0xda0e000), 4096, 260, ... (0xda0e000), 4096, 4, ) == 0x0 02932 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 952, {896, 2196}, ) == 0x0 02933 2016 NtQueryInformationThread (952, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee3000,Pid=896,Tid=2196,}, 0x0, ) == 0x0 02934 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82088, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\200\3\0\0\224\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\200\3\0\0\224\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82089, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\200\3\0\0\224\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\200\3\0\0\224\10\0\0" ) ) == 0x0 02935 2016 NtResumeThread (952, ... 1, ) == 0x0 02936 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
228655104, 1048576, ) == 0x0 02937 2016 NtAllocateVirtualMemory (-1, 229695488, 0, 8192, 4096, 4, ... 229695488, 8192, ) == 0x0 02938 2196 NtWaitForSingleObject (128, 0, 0x0, ... 02939 2016 NtProtectVirtualMemory (-1, (0xdb0e000), 4096, 260, ... (0xdb0e000), 4096, 4, ) == 0x0 02940 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 956, {896, 2200}, ) == 0x0 02941 2016 NtQueryInformationThread (956, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee2000,Pid=896,Tid=2200,}, 0x0, ) == 0x0 02942 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82089, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\200\3\0\0\230\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\200\3\0\0\230\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82090, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\200\3\0\0\230\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\200\3\0\0\230\10\0\0" ) ) == 0x0 02943 2016 NtResumeThread (956, ... 1, ) == 0x0 02944 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02945 2200 NtWaitForSingleObject (128, 0, 0x0, ... 02944 2016 NtAllocateVirtualMemory ... 229703680, 1048576, ) == 0x0 02946 2016 NtAllocateVirtualMemory (-1, 230744064, 0, 8192, 4096, 4, ... 230744064, 8192, ) == 0x0 02947 2016 NtProtectVirtualMemory (-1, (0xdc0e000), 4096, 260, ... (0xdc0e000), 4096, 4, ) == 0x0 02948 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 960, {896, 2204}, ) == 0x0 02949 2016 NtQueryInformationThread (960, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee1000,Pid=896,Tid=2204,}, 0x0, ) == 0x0 02950 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82090, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\200\3\0\0\234\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\200\3\0\0\234\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82091, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\200\3\0\0\234\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\200\3\0\0\234\10\0\0" ) ) == 0x0 02951 2016 NtResumeThread (960, ... 1, ) == 0x0 02952 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 230752256, 1048576, ) == 0x0 02953 2016 NtAllocateVirtualMemory (-1, 231792640, 0, 8192, 4096, 4, ... 231792640, 8192, ) == 0x0 02954 2204 NtWaitForSingleObject (128, 0, 0x0, ... 02955 2016 NtProtectVirtualMemory (-1, (0xdd0e000), 4096, 260, ... (0xdd0e000), 4096, 4, ) == 0x0 02956 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 964, {896, 2208}, ) == 0x0 02957 2016 NtQueryInformationThread (964, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee0000,Pid=896,Tid=2208,}, 0x0, ) == 0x0 02958 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82091, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\200\3\0\0\240\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\200\3\0\0\240\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82092, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\200\3\0\0\240\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\200\3\0\0\240\10\0\0" ) ) == 0x0 02959 2016 NtResumeThread (964, ... 1, ) == 0x0 02960 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02961 2208 NtWaitForSingleObject (128, 0, 0x0, ... 02960 2016 NtAllocateVirtualMemory ... 231800832, 1048576, ) == 0x0 02962 2016 NtAllocateVirtualMemory (-1, 232841216, 0, 8192, 4096, 4, ... 232841216, 8192, ) == 0x0 02963 2016 NtProtectVirtualMemory (-1, (0xde0e000), 4096, 260, ... 
(0xde0e000), 4096, 4, ) == 0x0 02964 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 968, {896, 2212}, ) == 0x0 02965 2016 NtQueryInformationThread (968, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedf000,Pid=896,Tid=2212,}, 0x0, ) == 0x0 02966 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82092, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\200\3\0\0\244\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\200\3\0\0\244\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82093, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\200\3\0\0\244\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\200\3\0\0\244\10\0\0" ) ) == 0x0 02967 2016 NtResumeThread (968, ... 1, ) == 0x0 02968 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02969 2212 NtWaitForSingleObject (128, 0, 0x0, ... 02968 2016 NtAllocateVirtualMemory ... 232849408, 1048576, ) == 0x0 02970 2016 NtAllocateVirtualMemory (-1, 233889792, 0, 8192, 4096, 4, ... 233889792, 8192, ) == 0x0 02971 2016 NtProtectVirtualMemory (-1, (0xdf0e000), 4096, 260, ... (0xdf0e000), 4096, 4, ) == 0x0 02972 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 972, {896, 2216}, ) == 0x0 02973 2016 NtQueryInformationThread (972, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fede000,Pid=896,Tid=2216,}, 0x0, ) == 0x0 02974 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82093, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\200\3\0\0\250\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\200\3\0\0\250\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82094, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\200\3\0\0\250\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\200\3\0\0\250\10\0\0" ) ) == 0x0 02975 2016 NtResumeThread (972, ... 1, ) == 0x0 02976 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 233897984, 1048576, ) == 0x0 02977 2016 NtAllocateVirtualMemory (-1, 234938368, 0, 8192, 4096, 4, ... 234938368, 8192, ) == 0x0 02978 2216 NtWaitForSingleObject (128, 0, 0x0, ... 02979 2016 NtProtectVirtualMemory (-1, (0xe00e000), 4096, 260, ... (0xe00e000), 4096, 4, ) == 0x0 02980 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 976, {896, 2220}, ) == 0x0 02981 2016 NtQueryInformationThread (976, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedd000,Pid=896,Tid=2220,}, 0x0, ) == 0x0 02982 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82094, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\200\3\0\0\254\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\200\3\0\0\254\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82095, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\200\3\0\0\254\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\200\3\0\0\254\10\0\0" ) ) == 0x0 02983 2016 NtResumeThread (976, ... 1, ) == 0x0 02984 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02985 2220 NtWaitForSingleObject (128, 0, 0x0, ... 02984 2016 NtAllocateVirtualMemory ... 234946560, 1048576, ) == 0x0 02986 2016 NtAllocateVirtualMemory (-1, 235986944, 0, 8192, 4096, 4, ... 235986944, 8192, ) == 0x0 02987 2016 NtProtectVirtualMemory (-1, (0xe10e000), 4096, 260, ... (0xe10e000), 4096, 4, ) == 0x0 02988 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 980, {896, 2224}, ) == 0x0 02989 2016 NtQueryInformationThread (980, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fedc000,Pid=896,Tid=2224,}, 0x0, ) == 0x0 02990 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82095, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\200\3\0\0\260\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\200\3\0\0\260\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82096, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\200\3\0\0\260\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\200\3\0\0\260\10\0\0" ) ) == 0x0 02991 2016 NtResumeThread (980, ... 1, ) == 0x0 02992 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 235995136, 1048576, ) == 0x0 02993 2016 NtAllocateVirtualMemory (-1, 237035520, 0, 8192, 4096, 4, ... 237035520, 8192, ) == 0x0 02994 2224 NtWaitForSingleObject (128, 0, 0x0, ... 02995 2016 NtProtectVirtualMemory (-1, (0xe20e000), 4096, 260, ... (0xe20e000), 4096, 4, ) == 0x0 02996 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 984, {896, 2228}, ) == 0x0 02997 2016 NtQueryInformationThread (984, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedb000,Pid=896,Tid=2228,}, 0x0, ) == 0x0 02998 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82096, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\200\3\0\0\264\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\200\3\0\0\264\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82097, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\200\3\0\0\264\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\200\3\0\0\264\10\0\0" ) ) == 0x0 02999 2016 NtResumeThread (984, ... 1, ) == 0x0 03000 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03001 2228 NtWaitForSingleObject (128, 0, 0x0, ... 03000 2016 NtAllocateVirtualMemory ... 237043712, 1048576, ) == 0x0 03002 2016 NtAllocateVirtualMemory (-1, 238084096, 0, 8192, 4096, 4, ... 238084096, 8192, ) == 0x0 03003 2016 NtProtectVirtualMemory (-1, (0xe30e000), 4096, 260, ... (0xe30e000), 4096, 4, ) == 0x0 03004 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 988, {896, 2232}, ) == 0x0 03005 2016 NtQueryInformationThread (988, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feda000,Pid=896,Tid=2232,}, 0x0, ) == 0x0 03006 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82097, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\200\3\0\0\270\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\200\3\0\0\270\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82098, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\200\3\0\0\270\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\200\3\0\0\270\10\0\0" ) ) == 0x0 03007 2016 NtResumeThread (988, ... 1, ) == 0x0 03008 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 238092288, 1048576, ) == 0x0 03009 2016 NtAllocateVirtualMemory (-1, 239132672, 0, 8192, 4096, 4, ... 239132672, 8192, ) == 0x0 03010 2232 NtWaitForSingleObject (128, 0, 0x0, ... 03011 2016 NtProtectVirtualMemory (-1, (0xe40e000), 4096, 260, ... (0xe40e000), 4096, 4, ) == 0x0 03012 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 992, {896, 2236}, ) == 0x0 03013 2016 NtQueryInformationThread (992, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed9000,Pid=896,Tid=2236,}, 0x0, ) == 0x0 03014 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82098, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\200\3\0\0\274\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\200\3\0\0\274\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82099, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\200\3\0\0\274\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\200\3\0\0\274\10\0\0" ) ) == 0x0 03015 2016 NtResumeThread (992, ... 1, ) == 0x0 03016 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03017 2236 NtWaitForSingleObject (128, 0, 0x0, ... 03016 2016 NtAllocateVirtualMemory ... 239140864, 1048576, ) == 0x0 03018 2016 NtAllocateVirtualMemory (-1, 240181248, 0, 8192, 4096, 4, ... 240181248, 8192, ) == 0x0 03019 2016 NtProtectVirtualMemory (-1, (0xe50e000), 4096, 260, ... (0xe50e000), 4096, 4, ) == 0x0 03020 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 996, {896, 2240}, ) == 0x0 03021 2016 NtQueryInformationThread (996, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed8000,Pid=896,Tid=2240,}, 0x0, ) == 0x0 03022 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82099, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\200\3\0\0\300\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\200\3\0\0\300\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82100, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\200\3\0\0\300\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\200\3\0\0\300\10\0\0" ) ) == 0x0 03023 2016 NtResumeThread (996, ... 1, ) == 0x0 03024 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 240189440, 1048576, ) == 0x0 03025 2016 NtAllocateVirtualMemory (-1, 241229824, 0, 8192, 4096, 4, ... 241229824, 8192, ) == 0x0 03026 2240 NtWaitForSingleObject (128, 0, 0x0, ... 03027 2016 NtProtectVirtualMemory (-1, (0xe60e000), 4096, 260, ... 
(0xe60e000), 4096, 4, ) == 0x0 03028 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1000, {896, 2244}, ) == 0x0 03029 2016 NtQueryInformationThread (1000, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed7000,Pid=896,Tid=2244,}, 0x0, ) == 0x0 03030 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82100, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\200\3\0\0\304\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\200\3\0\0\304\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82101, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\200\3\0\0\304\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\200\3\0\0\304\10\0\0" ) ) == 0x0 03031 2016 NtResumeThread (1000, ... 1, ) == 0x0 03032 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03033 2244 NtWaitForSingleObject (128, 0, 0x0, ... 03032 2016 NtAllocateVirtualMemory ... 241238016, 1048576, ) == 0x0 03034 2016 NtAllocateVirtualMemory (-1, 242278400, 0, 8192, 4096, 4, ... 242278400, 8192, ) == 0x0 03035 2016 NtProtectVirtualMemory (-1, (0xe70e000), 4096, 260, ... (0xe70e000), 4096, 4, ) == 0x0 03036 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1004, {896, 2248}, ) == 0x0 03037 2016 NtQueryInformationThread (1004, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed6000,Pid=896,Tid=2248,}, 0x0, ) == 0x0 03038 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82101, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\200\3\0\0\310\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\200\3\0\0\310\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82102, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\200\3\0\0\310\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\200\3\0\0\310\10\0\0" ) ) == 0x0 03039 2016 NtResumeThread (1004, ... 1, ) == 0x0 03040 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 242286592, 1048576, ) == 0x0 03041 2016 NtAllocateVirtualMemory (-1, 243326976, 0, 8192, 4096, 4, ... 243326976, 8192, ) == 0x0 03042 2248 NtWaitForSingleObject (128, 0, 0x0, ... 03043 2016 NtProtectVirtualMemory (-1, (0xe80e000), 4096, 260, ... (0xe80e000), 4096, 4, ) == 0x0 03044 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1008, {896, 2252}, ) == 0x0 03045 2016 NtQueryInformationThread (1008, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed5000,Pid=896,Tid=2252,}, 0x0, ) == 0x0 03046 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82102, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\200\3\0\0\314\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\200\3\0\0\314\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82103, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\200\3\0\0\314\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\200\3\0\0\314\10\0\0" ) ) == 0x0 03047 2016 NtResumeThread (1008, ... 1, ) == 0x0 03048 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03049 2252 NtWaitForSingleObject (128, 0, 0x0, ... 03048 2016 NtAllocateVirtualMemory ... 243335168, 1048576, ) == 0x0 03050 2016 NtAllocateVirtualMemory (-1, 244375552, 0, 8192, 4096, 4, ... 244375552, 8192, ) == 0x0 03051 2016 NtProtectVirtualMemory (-1, (0xe90e000), 4096, 260, ... (0xe90e000), 4096, 4, ) == 0x0 03052 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1012, {896, 2256}, ) == 0x0 03053 2016 NtQueryInformationThread (1012, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fed4000,Pid=896,Tid=2256,}, 0x0, ) == 0x0 03054 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82103, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\200\3\0\0\320\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\200\3\0\0\320\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82104, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\200\3\0\0\320\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\200\3\0\0\320\10\0\0" ) ) == 0x0 03055 2016 NtResumeThread (1012, ... 1, ) == 0x0 03056 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 244383744, 1048576, ) == 0x0 03057 2016 NtAllocateVirtualMemory (-1, 245424128, 0, 8192, 4096, 4, ... 245424128, 8192, ) == 0x0 03058 2256 NtWaitForSingleObject (128, 0, 0x0, ... 03059 2016 NtProtectVirtualMemory (-1, (0xea0e000), 4096, 260, ... (0xea0e000), 4096, 4, ) == 0x0 03060 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1016, {896, 2260}, ) == 0x0 03061 2016 NtQueryInformationThread (1016, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed3000,Pid=896,Tid=2260,}, 0x0, ) == 0x0 03062 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82104, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\200\3\0\0\324\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\200\3\0\0\324\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82105, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\200\3\0\0\324\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\200\3\0\0\324\10\0\0" ) ) == 0x0 03063 2016 NtResumeThread (1016, ... 1, ) == 0x0 03064 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03065 2260 NtWaitForSingleObject (128, 0, 0x0, ... 03064 2016 NtAllocateVirtualMemory ... 245432320, 1048576, ) == 0x0 03066 2016 NtAllocateVirtualMemory (-1, 246472704, 0, 8192, 4096, 4, ... 246472704, 8192, ) == 0x0 03067 2016 NtProtectVirtualMemory (-1, (0xeb0e000), 4096, 260, ... (0xeb0e000), 4096, 4, ) == 0x0 03068 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1020, {896, 2264}, ) == 0x0 03069 2016 NtQueryInformationThread (1020, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed2000,Pid=896,Tid=2264,}, 0x0, ) == 0x0 03070 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82105, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\200\3\0\0\330\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\200\3\0\0\330\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82106, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\200\3\0\0\330\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\200\3\0\0\330\10\0\0" ) ) == 0x0 03071 2016 NtResumeThread (1020, ... 1, ) == 0x0 03072 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 246480896, 1048576, ) == 0x0 03073 2016 NtAllocateVirtualMemory (-1, 247521280, 0, 8192, 4096, 4, ... 247521280, 8192, ) == 0x0 03074 2264 NtWaitForSingleObject (128, 0, 0x0, ... 03075 2016 NtProtectVirtualMemory (-1, (0xec0e000), 4096, 260, ... (0xec0e000), 4096, 4, ) == 0x0 03076 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1024, {896, 2268}, ) == 0x0 03077 2016 NtQueryInformationThread (1024, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed1000,Pid=896,Tid=2268,}, 0x0, ) == 0x0 03078 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82106, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\200\3\0\0\334\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\200\3\0\0\334\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82107, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\200\3\0\0\334\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\200\3\0\0\334\10\0\0" ) ) == 0x0 03079 2016 NtResumeThread (1024, ... 1, ) == 0x0 03080 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03081 2268 NtWaitForSingleObject (128, 0, 0x0, ... 03080 2016 NtAllocateVirtualMemory ... 247529472, 1048576, ) == 0x0 03082 2016 NtAllocateVirtualMemory (-1, 248569856, 0, 8192, 4096, 4, ... 248569856, 8192, ) == 0x0 03083 2016 NtProtectVirtualMemory (-1, (0xed0e000), 4096, 260, ... (0xed0e000), 4096, 4, ) == 0x0 03084 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1028, {896, 2272}, ) == 0x0 03085 2016 NtQueryInformationThread (1028, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed0000,Pid=896,Tid=2272,}, 0x0, ) == 0x0 03086 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82107, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\200\3\0\0\340\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\200\3\0\0\340\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82108, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\200\3\0\0\340\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\200\3\0\0\340\10\0\0" ) ) == 0x0 03087 2016 NtResumeThread (1028, ... 1, ) == 0x0 03088 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 248578048, 1048576, ) == 0x0 03089 2016 NtAllocateVirtualMemory (-1, 249618432, 0, 8192, 4096, 4, ... 249618432, 8192, ) == 0x0 03090 2272 NtWaitForSingleObject (128, 0, 0x0, ... 03091 2016 NtProtectVirtualMemory (-1, (0xee0e000), 4096, 260, ... 
(0xee0e000), 4096, 4, ) == 0x0 03092 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1032, {896, 2276}, ) == 0x0 03093 2016 NtQueryInformationThread (1032, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecf000,Pid=896,Tid=2276,}, 0x0, ) == 0x0 03094 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82108, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\200\3\0\0\344\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\200\3\0\0\344\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82109, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\200\3\0\0\344\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\200\3\0\0\344\10\0\0" ) ) == 0x0 03095 2016 NtResumeThread (1032, ... 1, ) == 0x0 03096 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03097 2276 NtWaitForSingleObject (128, 0, 0x0, ... 03096 2016 NtAllocateVirtualMemory ... 249626624, 1048576, ) == 0x0 03098 2016 NtAllocateVirtualMemory (-1, 250667008, 0, 8192, 4096, 4, ... 250667008, 8192, ) == 0x0 03099 2016 NtProtectVirtualMemory (-1, (0xef0e000), 4096, 260, ... (0xef0e000), 4096, 4, ) == 0x0 03100 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1036, {896, 2280}, ) == 0x0 03101 2016 NtQueryInformationThread (1036, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fece000,Pid=896,Tid=2280,}, 0x0, ) == 0x0 03102 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82109, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\200\3\0\0\350\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\200\3\0\0\350\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82110, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\200\3\0\0\350\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\200\3\0\0\350\10\0\0" ) ) == 0x0 03103 2016 NtResumeThread (1036, ... 1, ) == 0x0 03104 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 250675200, 1048576, ) == 0x0 03105 2016 NtAllocateVirtualMemory (-1, 251715584, 0, 8192, 4096, 4, ... 251715584, 8192, ) == 0x0 03106 2280 NtWaitForSingleObject (128, 0, 0x0, ... 03107 2016 NtProtectVirtualMemory (-1, (0xf00e000), 4096, 260, ... (0xf00e000), 4096, 4, ) == 0x0 03108 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1040, {896, 2284}, ) == 0x0 03109 2016 NtQueryInformationThread (1040, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecd000,Pid=896,Tid=2284,}, 0x0, ) == 0x0 03110 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82110, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\200\3\0\0\354\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\200\3\0\0\354\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82111, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\200\3\0\0\354\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\200\3\0\0\354\10\0\0" ) ) == 0x0 03111 2016 NtResumeThread (1040, ... 1, ) == 0x0 03112 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03113 2284 NtWaitForSingleObject (128, 0, 0x0, ... 03112 2016 NtAllocateVirtualMemory ... 251723776, 1048576, ) == 0x0 03114 2016 NtAllocateVirtualMemory (-1, 252764160, 0, 8192, 4096, 4, ... 252764160, 8192, ) == 0x0 03115 2016 NtProtectVirtualMemory (-1, (0xf10e000), 4096, 260, ... (0xf10e000), 4096, 4, ) == 0x0 03116 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1044, {896, 2288}, ) == 0x0 03117 2016 NtQueryInformationThread (1044, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fecc000,Pid=896,Tid=2288,}, 0x0, ) == 0x0 03118 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82111, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\200\3\0\0\360\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\200\3\0\0\360\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82112, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\200\3\0\0\360\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\200\3\0\0\360\10\0\0" ) ) == 0x0 03119 2016 NtResumeThread (1044, ... 1, ) == 0x0 03120 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 252772352, 1048576, ) == 0x0 03121 2016 NtAllocateVirtualMemory (-1, 253812736, 0, 8192, 4096, 4, ... 253812736, 8192, ) == 0x0 03122 2288 NtWaitForSingleObject (128, 0, 0x0, ... 03123 2016 NtProtectVirtualMemory (-1, (0xf20e000), 4096, 260, ... (0xf20e000), 4096, 4, ) == 0x0 03124 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1048, {896, 2292}, ) == 0x0 03125 2016 NtQueryInformationThread (1048, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecb000,Pid=896,Tid=2292,}, 0x0, ) == 0x0 03126 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82112, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\200\3\0\0\364\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\200\3\0\0\364\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82113, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\200\3\0\0\364\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\200\3\0\0\364\10\0\0" ) ) == 0x0 03127 2016 NtResumeThread (1048, ... 1, ) == 0x0 03128 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03129 2292 NtWaitForSingleObject (128, 0, 0x0, ... 03128 2016 NtAllocateVirtualMemory ... 253820928, 1048576, ) == 0x0 03130 2016 NtAllocateVirtualMemory (-1, 254861312, 0, 8192, 4096, 4, ... 254861312, 8192, ) == 0x0 03131 2016 NtProtectVirtualMemory (-1, (0xf30e000), 4096, 260, ... (0xf30e000), 4096, 4, ) == 0x0 03132 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1052, {896, 2296}, ) == 0x0 03133 2016 NtQueryInformationThread (1052, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feca000,Pid=896,Tid=2296,}, 0x0, ) == 0x0 03134 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82113, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\200\3\0\0\370\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\200\3\0\0\370\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82114, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\200\3\0\0\370\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\200\3\0\0\370\10\0\0" ) ) == 0x0 03135 2016 NtResumeThread (1052, ... 1, ) == 0x0 03136 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 254869504, 1048576, ) == 0x0 03137 2016 NtAllocateVirtualMemory (-1, 255909888, 0, 8192, 4096, 4, ... 255909888, 8192, ) == 0x0 03138 2296 NtWaitForSingleObject (128, 0, 0x0, ... 03139 2016 NtProtectVirtualMemory (-1, (0xf40e000), 4096, 260, ... (0xf40e000), 4096, 4, ) == 0x0 03140 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1056, {896, 2300}, ) == 0x0 03141 2016 NtQueryInformationThread (1056, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec9000,Pid=896,Tid=2300,}, 0x0, ) == 0x0 03142 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82114, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\200\3\0\0\374\10\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\200\3\0\0\374\10\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82115, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\200\3\0\0\374\10\0\0" ... {28, 56, reply, 0, 896, 2016, 82115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\200\3\0\0\374\10\0\0" ) ) == 0x0 03143 2016 NtResumeThread (1056, ... 1, ) == 0x0 03144 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03145 2300 NtWaitForSingleObject (128, 0, 0x0, ... 03144 2016 NtAllocateVirtualMemory ... 255918080, 1048576, ) == 0x0 03146 2016 NtAllocateVirtualMemory (-1, 256958464, 0, 8192, 4096, 4, ... 256958464, 8192, ) == 0x0 03147 2016 NtProtectVirtualMemory (-1, (0xf50e000), 4096, 260, ... (0xf50e000), 4096, 4, ) == 0x0 03148 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1060, {896, 2304}, ) == 0x0 03149 2016 NtQueryInformationThread (1060, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec8000,Pid=896,Tid=2304,}, 0x0, ) == 0x0 03150 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82115, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\200\3\0\0\0\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\200\3\0\0\0\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82116, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\200\3\0\0\0\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\200\3\0\0\0\11\0\0" ) ) == 0x0 03151 2016 NtResumeThread (1060, ... 1, ) == 0x0 03152 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 256966656, 1048576, ) == 0x0 03153 2016 NtAllocateVirtualMemory (-1, 258007040, 0, 8192, 4096, 4, ... 258007040, 8192, ) == 0x0 03154 2304 NtWaitForSingleObject (128, 0, 0x0, ... 03155 2016 NtProtectVirtualMemory (-1, (0xf60e000), 4096, 260, ... 
(0xf60e000), 4096, 4, ) == 0x0 03156 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1064, {896, 2308}, ) == 0x0 03157 2016 NtQueryInformationThread (1064, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec7000,Pid=896,Tid=2308,}, 0x0, ) == 0x0 03158 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82116, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\200\3\0\0\4\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\200\3\0\0\4\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82117, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\200\3\0\0\4\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\200\3\0\0\4\11\0\0" ) ) == 0x0 03159 2016 NtResumeThread (1064, ... 1, ) == 0x0 03160 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03161 2308 NtWaitForSingleObject (128, 0, 0x0, ... 03160 2016 NtAllocateVirtualMemory ... 258015232, 1048576, ) == 0x0 03162 2016 NtAllocateVirtualMemory (-1, 259055616, 0, 8192, 4096, 4, ... 259055616, 8192, ) == 0x0 03163 2016 NtProtectVirtualMemory (-1, (0xf70e000), 4096, 260, ... (0xf70e000), 4096, 4, ) == 0x0 03164 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1068, {896, 2312}, ) == 0x0 03165 2016 NtQueryInformationThread (1068, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec6000,Pid=896,Tid=2312,}, 0x0, ) == 0x0 03166 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82117, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\200\3\0\0\10\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\200\3\0\0\10\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82118, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\200\3\0\0\10\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\200\3\0\0\10\11\0\0" ) ) == 0x0 03167 2016 NtResumeThread (1068, ... 1, ) == 0x0 03168 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 259063808, 1048576, ) == 0x0 03169 2016 NtAllocateVirtualMemory (-1, 260104192, 0, 8192, 4096, 4, ... 260104192, 8192, ) == 0x0 03170 2312 NtWaitForSingleObject (128, 0, 0x0, ... 03171 2016 NtProtectVirtualMemory (-1, (0xf80e000), 4096, 260, ... (0xf80e000), 4096, 4, ) == 0x0 03172 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1072, {896, 2316}, ) == 0x0 03173 2016 NtQueryInformationThread (1072, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec5000,Pid=896,Tid=2316,}, 0x0, ) == 0x0 03174 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82118, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\200\3\0\0\14\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\200\3\0\0\14\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82119, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\200\3\0\0\14\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\200\3\0\0\14\11\0\0" ) ) == 0x0 03175 2016 NtResumeThread (1072, ... 1, ) == 0x0 03176 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03177 2316 NtWaitForSingleObject (128, 0, 0x0, ... 03176 2016 NtAllocateVirtualMemory ... 260112384, 1048576, ) == 0x0 03178 2016 NtAllocateVirtualMemory (-1, 261152768, 0, 8192, 4096, 4, ... 261152768, 8192, ) == 0x0 03179 2016 NtProtectVirtualMemory (-1, (0xf90e000), 4096, 260, ... (0xf90e000), 4096, 4, ) == 0x0 03180 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1076, {896, 2320}, ) == 0x0 03181 2016 NtQueryInformationThread (1076, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fec4000,Pid=896,Tid=2320,}, 0x0, ) == 0x0 03182 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82119, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\200\3\0\0\20\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\200\3\0\0\20\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82120, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\200\3\0\0\20\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\200\3\0\0\20\11\0\0" ) ) == 0x0 03183 2016 NtResumeThread (1076, ... 1, ) == 0x0 03184 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 261160960, 1048576, ) == 0x0 03185 2016 NtAllocateVirtualMemory (-1, 262201344, 0, 8192, 4096, 4, ... 262201344, 8192, ) == 0x0 03186 2320 NtWaitForSingleObject (128, 0, 0x0, ... 03187 2016 NtProtectVirtualMemory (-1, (0xfa0e000), 4096, 260, ... (0xfa0e000), 4096, 4, ) == 0x0 03188 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1080, {896, 2324}, ) == 0x0 03189 2016 NtQueryInformationThread (1080, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec3000,Pid=896,Tid=2324,}, 0x0, ) == 0x0 03190 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82120, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\200\3\0\0\24\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\200\3\0\0\24\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82121, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\200\3\0\0\24\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\200\3\0\0\24\11\0\0" ) ) == 0x0 03191 2016 NtResumeThread (1080, ... 1, ) == 0x0 03192 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03193 2324 NtWaitForSingleObject (128, 0, 0x0, ... 
03192 2016 NtAllocateVirtualMemory ... 262209536, 1048576, ) == 0x0 03194 2016 NtAllocateVirtualMemory (-1, 263249920, 0, 8192, 4096, 4, ... 263249920, 8192, ) == 0x0 03195 2016 NtProtectVirtualMemory (-1, (0xfb0e000), 4096, 260, ... (0xfb0e000), 4096, 4, ) == 0x0 03196 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1084, {896, 2328}, ) == 0x0 03197 2016 NtQueryInformationThread (1084, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec2000,Pid=896,Tid=2328,}, 0x0, ) == 0x0 03198 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82121, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\200\3\0\0\30\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\200\3\0\0\30\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82122, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\200\3\0\0\30\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\200\3\0\0\30\11\0\0" ) ) == 0x0 03199 2016 NtResumeThread (1084, ... 1, ) == 0x0 03200 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 263258112, 1048576, ) == 0x0 03201 2016 NtAllocateVirtualMemory (-1, 264298496, 0, 8192, 4096, 4, ... 264298496, 8192, ) == 0x0 03202 2328 NtWaitForSingleObject (128, 0, 0x0, ... 03203 2016 NtProtectVirtualMemory (-1, (0xfc0e000), 4096, 260, ... (0xfc0e000), 4096, 4, ) == 0x0 03204 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1088, {896, 2332}, ) == 0x0 03205 2016 NtQueryInformationThread (1088, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec1000,Pid=896,Tid=2332,}, 0x0, ) == 0x0 03206 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82122, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\200\3\0\0\34\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\200\3\0\0\34\11\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82123, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\200\3\0\0\34\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\200\3\0\0\34\11\0\0" ) ) == 0x0 03207 2016 NtResumeThread (1088, ... 1, ) == 0x0 03208 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03209 2332 NtWaitForSingleObject (128, 0, 0x0, ... 03208 2016 NtAllocateVirtualMemory ... 264306688, 1048576, ) == 0x0 03210 2016 NtAllocateVirtualMemory (-1, 265347072, 0, 8192, 4096, 4, ... 265347072, 8192, ) == 0x0 03211 2016 NtProtectVirtualMemory (-1, (0xfd0e000), 4096, 260, ... (0xfd0e000), 4096, 4, ) == 0x0 03212 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1092, {896, 2336}, ) == 0x0 03213 2016 NtQueryInformationThread (1092, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec0000,Pid=896,Tid=2336,}, 0x0, ) == 0x0 03214 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82123, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\200\3\0\0 \11\0\0" ... {28, 56, reply, 0, 896, 2016, 82124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\200\3\0\0 \11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82124, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\200\3\0\0 \11\0\0" ... {28, 56, reply, 0, 896, 2016, 82124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\200\3\0\0 \11\0\0" ) ) == 0x0 03215 2016 NtResumeThread (1092, ... 1, ) == 0x0 03216 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 265355264, 1048576, ) == 0x0 03217 2016 NtAllocateVirtualMemory (-1, 266395648, 0, 8192, 4096, 4, ... 266395648, 8192, ) == 0x0 03218 2336 NtWaitForSingleObject (128, 0, 0x0, ... 03219 2016 NtProtectVirtualMemory (-1, (0xfe0e000), 4096, 260, ... (0xfe0e000), 4096, 4, ) == 0x0 03220 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
1096, {896, 2340}, ) == 0x0 03221 2016 NtQueryInformationThread (1096, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febf000,Pid=896,Tid=2340,}, 0x0, ) == 0x0 03222 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82124, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\200\3\0\0$\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\200\3\0\0$\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82125, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\200\3\0\0$\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\200\3\0\0$\11\0\0" ) ) == 0x0 03223 2016 NtResumeThread (1096, ... 1, ) == 0x0 03224 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03225 2340 NtWaitForSingleObject (128, 0, 0x0, ... 03224 2016 NtAllocateVirtualMemory ... 266403840, 1048576, ) == 0x0 03226 2016 NtAllocateVirtualMemory (-1, 267444224, 0, 8192, 4096, 4, ... 267444224, 8192, ) == 0x0 03227 2016 NtProtectVirtualMemory (-1, (0xff0e000), 4096, 260, ... (0xff0e000), 4096, 4, ) == 0x0 03228 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1100, {896, 2344}, ) == 0x0 03229 2016 NtQueryInformationThread (1100, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febe000,Pid=896,Tid=2344,}, 0x0, ) == 0x0 03230 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82125, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\200\3\0\0(\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\200\3\0\0(\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82126, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\200\3\0\0(\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\200\3\0\0(\11\0\0" ) ) == 0x0 03231 2016 NtResumeThread (1100, ... 
1, ) == 0x0 03232 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 267452416, 1048576, ) == 0x0 03233 2016 NtAllocateVirtualMemory (-1, 268492800, 0, 8192, 4096, 4, ... 268492800, 8192, ) == 0x0 03234 2344 NtWaitForSingleObject (128, 0, 0x0, ... 03235 2016 NtProtectVirtualMemory (-1, (0x1000e000), 4096, 260, ... (0x1000e000), 4096, 4, ) == 0x0 03236 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1104, {896, 2348}, ) == 0x0 03237 2016 NtQueryInformationThread (1104, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febd000,Pid=896,Tid=2348,}, 0x0, ) == 0x0 03238 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82126, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\200\3\0\0,\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\200\3\0\0,\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82127, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\200\3\0\0,\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\200\3\0\0,\11\0\0" ) ) == 0x0 03239 2016 NtResumeThread (1104, ... 1, ) == 0x0 03240 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03241 2348 NtWaitForSingleObject (128, 0, 0x0, ... 03240 2016 NtAllocateVirtualMemory ... 268500992, 1048576, ) == 0x0 03242 2016 NtAllocateVirtualMemory (-1, 269541376, 0, 8192, 4096, 4, ... 269541376, 8192, ) == 0x0 03243 2016 NtProtectVirtualMemory (-1, (0x1010e000), 4096, 260, ... (0x1010e000), 4096, 4, ) == 0x0 03244 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1108, {896, 2352}, ) == 0x0 03245 2016 NtQueryInformationThread (1108, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febc000,Pid=896,Tid=2352,}, 0x0, ) == 0x0 03246 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82127, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\200\3\0\00\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\200\3\0\00\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82128, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\200\3\0\00\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\200\3\0\00\11\0\0" ) ) == 0x0 03247 2016 NtResumeThread (1108, ... 1, ) == 0x0 03248 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 269549568, 1048576, ) == 0x0 03249 2016 NtAllocateVirtualMemory (-1, 270589952, 0, 8192, 4096, 4, ... 270589952, 8192, ) == 0x0 03250 2352 NtWaitForSingleObject (128, 0, 0x0, ... 03251 2016 NtProtectVirtualMemory (-1, (0x1020e000), 4096, 260, ... (0x1020e000), 4096, 4, ) == 0x0 03252 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1112, {896, 2356}, ) == 0x0 03253 2016 NtQueryInformationThread (1112, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febb000,Pid=896,Tid=2356,}, 0x0, ) == 0x0 03254 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82128, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\200\3\0\04\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\200\3\0\04\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82129, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\200\3\0\04\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\200\3\0\04\11\0\0" ) ) == 0x0 03255 2016 NtResumeThread (1112, ... 1, ) == 0x0 03256 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03257 2356 NtWaitForSingleObject (128, 0, 0x0, ... 03256 2016 NtAllocateVirtualMemory ... 270598144, 1048576, ) == 0x0 03258 2016 NtAllocateVirtualMemory (-1, 271638528, 0, 8192, 4096, 4, ... 271638528, 8192, ) == 0x0 03259 2016 NtProtectVirtualMemory (-1, (0x1030e000), 4096, 260, ... 
(0x1030e000), 4096, 4, ) == 0x0 03260 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1116, {896, 2360}, ) == 0x0 03261 2016 NtQueryInformationThread (1116, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feba000,Pid=896,Tid=2360,}, 0x0, ) == 0x0 03262 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82129, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\200\3\0\08\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\200\3\0\08\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82130, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\200\3\0\08\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\200\3\0\08\11\0\0" ) ) == 0x0 03263 2016 NtResumeThread (1116, ... 1, ) == 0x0 03264 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 271646720, 1048576, ) == 0x0 03265 2016 NtAllocateVirtualMemory (-1, 272687104, 0, 8192, 4096, 4, ... 272687104, 8192, ) == 0x0 03266 2360 NtWaitForSingleObject (128, 0, 0x0, ... 03267 2016 NtProtectVirtualMemory (-1, (0x1040e000), 4096, 260, ... (0x1040e000), 4096, 4, ) == 0x0 03268 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1120, {896, 2364}, ) == 0x0 03269 2016 NtQueryInformationThread (1120, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb9000,Pid=896,Tid=2364,}, 0x0, ) == 0x0 03270 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82130, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\200\3\0\0<\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\200\3\0\0<\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82131, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\200\3\0\0<\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\200\3\0\0<\11\0\0" ) ) == 0x0 03271 2016 NtResumeThread (1120, ... 1, ) == 0x0 03272 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03273 2364 NtWaitForSingleObject (128, 0, 0x0, ... 03272 2016 NtAllocateVirtualMemory ... 272695296, 1048576, ) == 0x0 03274 2016 NtAllocateVirtualMemory (-1, 273735680, 0, 8192, 4096, 4, ... 273735680, 8192, ) == 0x0 03275 2016 NtProtectVirtualMemory (-1, (0x1050e000), 4096, 260, ... (0x1050e000), 4096, 4, ) == 0x0 03276 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1124, {896, 2368}, ) == 0x0 03277 2016 NtQueryInformationThread (1124, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb8000,Pid=896,Tid=2368,}, 0x0, ) == 0x0 03278 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82131, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\200\3\0\0@\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\200\3\0\0@\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82132, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\200\3\0\0@\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\200\3\0\0@\11\0\0" ) ) == 0x0 03279 2016 NtResumeThread (1124, ... 1, ) == 0x0 03280 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 273743872, 1048576, ) == 0x0 03281 2016 NtAllocateVirtualMemory (-1, 274784256, 0, 8192, 4096, 4, ... 274784256, 8192, ) == 0x0 03282 2368 NtWaitForSingleObject (128, 0, 0x0, ... 03283 2016 NtProtectVirtualMemory (-1, (0x1060e000), 4096, 260, ... (0x1060e000), 4096, 4, ) == 0x0 03284 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1128, {896, 2372}, ) == 0x0 03285 2016 NtQueryInformationThread (1128, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feb7000,Pid=896,Tid=2372,}, 0x0, ) == 0x0 03286 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82132, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\200\3\0\0D\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\200\3\0\0D\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82133, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\200\3\0\0D\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\200\3\0\0D\11\0\0" ) ) == 0x0 03287 2016 NtResumeThread (1128, ... 1, ) == 0x0 03288 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03289 2372 NtWaitForSingleObject (128, 0, 0x0, ... 03288 2016 NtAllocateVirtualMemory ... 274792448, 1048576, ) == 0x0 03290 2016 NtAllocateVirtualMemory (-1, 275832832, 0, 8192, 4096, 4, ... 275832832, 8192, ) == 0x0 03291 2016 NtProtectVirtualMemory (-1, (0x1070e000), 4096, 260, ... (0x1070e000), 4096, 4, ) == 0x0 03292 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03293 1716 NtUnmapViewOfSection (-1, 0x390000, ... ) == 0x0 03294 1716 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11596584, ... ) }, 11596584, ... ) == 0x0 03295 1716 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 1132, {status=0x0, info=1}, ) }, 5, 96, ... 1132, {status=0x0, info=1}, ) == 0x0 03296 1716 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 1132, ... 1136, ) == 0x0 03297 1716 NtQuerySection (1136, Image, 48, ... 03292 2016 NtCreateThread ... 1140, {896, 2376}, ) == 0x0 03298 2016 NtQueryInformationThread (1140, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feb6000,Pid=896,Tid=2376,}, 0x0, ) == 0x0 03299 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82133, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\200\3\0\0H\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\200\3\0\0H\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82134, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\200\3\0\0H\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\200\3\0\0H\11\0\0" ) ) == 0x0 03300 2016 NtResumeThread (1140, ... 1, ) == 0x0 03301 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03297 1716 NtQuerySection ... {section info, class 1, size 48}, 0x0, ) == 0x0 03302 2376 NtWaitForSingleObject (128, 0, 0x0, ... 03303 1716 NtClose (1132, ... ) == 0x0 03304 1716 NtMapViewOfSection (1136, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a50000), 0x0, 258048, ) == 0x0 03305 1716 NtClose (1136, ... ) == 0x0 03306 1716 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 03301 2016 NtAllocateVirtualMemory ... 275841024, 1048576, ) == 0x0 03307 2016 NtAllocateVirtualMemory (-1, 276881408, 0, 8192, 4096, 4, ... 276881408, 8192, ) == 0x0 03308 2016 NtProtectVirtualMemory (-1, (0x1080e000), 4096, 260, ... (0x1080e000), 4096, 4, ) == 0x0 03309 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1136, {896, 2380}, ) == 0x0 03310 2016 NtQueryInformationThread (1136, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb5000,Pid=896,Tid=2380,}, 0x0, ) == 0x0 03311 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82134, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\200\3\0\0L\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\200\3\0\0L\11\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82135, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\200\3\0\0L\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\200\3\0\0L\11\0\0" ) ) == 0x0 03312 2016 NtResumeThread (1136, ... 1, ) == 0x0 03313 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03314 2380 NtWaitForSingleObject (128, 0, 0x0, ... 03313 2016 NtAllocateVirtualMemory ... 276889600, 1048576, ) == 0x0 03315 2016 NtAllocateVirtualMemory (-1, 277929984, 0, 8192, 4096, 4, ... 277929984, 8192, ) == 0x0 03316 2016 NtProtectVirtualMemory (-1, (0x1090e000), 4096, 260, ... (0x1090e000), 4096, 4, ) == 0x0 03317 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1132, {896, 2384}, ) == 0x0 03318 2016 NtQueryInformationThread (1132, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb4000,Pid=896,Tid=2384,}, 0x0, ) == 0x0 03319 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82135, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\200\3\0\0P\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\200\3\0\0P\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82136, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\200\3\0\0P\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\200\3\0\0P\11\0\0" ) ) == 0x0 03320 2016 NtResumeThread (1132, ... 1, ) == 0x0 03321 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03322 2384 NtWaitForSingleObject (128, 0, 0x0, ... 03321 2016 NtAllocateVirtualMemory ... 277938176, 1048576, ) == 0x0 03323 2016 NtAllocateVirtualMemory (-1, 278978560, 0, 8192, 4096, 4, ... 278978560, 8192, ) == 0x0 03324 2016 NtProtectVirtualMemory (-1, (0x10a0e000), 4096, 260, ... (0x10a0e000), 4096, 4, ) == 0x0 03325 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
1144, {896, 2388}, ) == 0x0 03326 2016 NtQueryInformationThread (1144, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb3000,Pid=896,Tid=2388,}, 0x0, ) == 0x0 03327 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82136, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\200\3\0\0T\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\200\3\0\0T\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82137, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\200\3\0\0T\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\200\3\0\0T\11\0\0" ) ) == 0x0 03328 2016 NtResumeThread (1144, ... 1, ) == 0x0 03329 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 278986752, 1048576, ) == 0x0 03330 2016 NtAllocateVirtualMemory (-1, 280027136, 0, 8192, 4096, 4, ... 280027136, 8192, ) == 0x0 03331 2388 NtWaitForSingleObject (128, 0, 0x0, ... 03332 2016 NtProtectVirtualMemory (-1, (0x10b0e000), 4096, 260, ... (0x10b0e000), 4096, 4, ) == 0x0 03333 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1148, {896, 2392}, ) == 0x0 03334 2016 NtQueryInformationThread (1148, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb2000,Pid=896,Tid=2392,}, 0x0, ) == 0x0 03335 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82137, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\200\3\0\0X\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\200\3\0\0X\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82138, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\200\3\0\0X\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\200\3\0\0X\11\0\0" ) ) == 0x0 03336 2016 NtResumeThread (1148, ... 1, ) == 0x0 03337 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03338 2392 NtWaitForSingleObject (128, 0, 0x0, ... 03337 2016 NtAllocateVirtualMemory ... 280035328, 1048576, ) == 0x0 03339 2016 NtAllocateVirtualMemory (-1, 281075712, 0, 8192, 4096, 4, ... 281075712, 8192, ) == 0x0 03340 2016 NtProtectVirtualMemory (-1, (0x10c0e000), 4096, 260, ... (0x10c0e000), 4096, 4, ) == 0x0 03341 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1152, {896, 2396}, ) == 0x0 03342 2016 NtQueryInformationThread (1152, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb1000,Pid=896,Tid=2396,}, 0x0, ) == 0x0 03343 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82138, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\200\3\0\0\\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\200\3\0\0\\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82139, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\200\3\0\0\\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\200\3\0\0\\11\0\0" ) ) == 0x0 03344 2016 NtResumeThread (1152, ... 1, ) == 0x0 03345 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 281083904, 1048576, ) == 0x0 03346 2016 NtAllocateVirtualMemory (-1, 282124288, 0, 8192, 4096, 4, ... 282124288, 8192, ) == 0x0 03347 2396 NtWaitForSingleObject (128, 0, 0x0, ... 03348 2016 NtProtectVirtualMemory (-1, (0x10d0e000), 4096, 260, ... (0x10d0e000), 4096, 4, ) == 0x0 03349 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1156, {896, 2400}, ) == 0x0 03350 2016 NtQueryInformationThread (1156, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb0000,Pid=896,Tid=2400,}, 0x0, ) == 0x0 03351 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82139, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\200\3\0\0`\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\200\3\0\0`\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82140, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\200\3\0\0`\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\200\3\0\0`\11\0\0" ) ) == 0x0 03352 2016 NtResumeThread (1156, ... 1, ) == 0x0 03353 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03354 2400 NtWaitForSingleObject (128, 0, 0x0, ... 03353 2016 NtAllocateVirtualMemory ... 282132480, 1048576, ) == 0x0 03355 2016 NtAllocateVirtualMemory (-1, 283172864, 0, 8192, 4096, 4, ... 283172864, 8192, ) == 0x0 03356 2016 NtProtectVirtualMemory (-1, (0x10e0e000), 4096, 260, ... (0x10e0e000), 4096, 4, ) == 0x0 03357 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1160, {896, 2404}, ) == 0x0 03358 2016 NtQueryInformationThread (1160, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feaf000,Pid=896,Tid=2404,}, 0x0, ) == 0x0 03359 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82140, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\200\3\0\0d\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\200\3\0\0d\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82141, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\200\3\0\0d\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\200\3\0\0d\11\0\0" ) ) == 0x0 03360 2016 NtResumeThread (1160, ... 1, ) == 0x0 03361 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 283181056, 1048576, ) == 0x0 03362 2016 NtAllocateVirtualMemory (-1, 284221440, 0, 8192, 4096, 4, ... 284221440, 8192, ) == 0x0 03363 2404 NtWaitForSingleObject (128, 0, 0x0, ... 03364 2016 NtProtectVirtualMemory (-1, (0x10f0e000), 4096, 260, ... 
(0x10f0e000), 4096, 4, ) == 0x0 03365 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1164, {896, 2408}, ) == 0x0 03366 2016 NtQueryInformationThread (1164, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feae000,Pid=896,Tid=2408,}, 0x0, ) == 0x0 03367 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82141, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\200\3\0\0h\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\200\3\0\0h\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82142, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\200\3\0\0h\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\200\3\0\0h\11\0\0" ) ) == 0x0 03368 2016 NtResumeThread (1164, ... 1, ) == 0x0 03369 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03370 2408 NtWaitForSingleObject (128, 0, 0x0, ... 03369 2016 NtAllocateVirtualMemory ... 284229632, 1048576, ) == 0x0 03371 2016 NtAllocateVirtualMemory (-1, 285270016, 0, 8192, 4096, 4, ... 285270016, 8192, ) == 0x0 03372 2016 NtProtectVirtualMemory (-1, (0x1100e000), 4096, 260, ... (0x1100e000), 4096, 4, ) == 0x0 03373 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1168, {896, 2412}, ) == 0x0 03374 2016 NtQueryInformationThread (1168, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fead000,Pid=896,Tid=2412,}, 0x0, ) == 0x0 03375 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82142, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\200\3\0\0l\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\200\3\0\0l\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82145, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\200\3\0\0l\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\200\3\0\0l\11\0\0" ) ) == 0x0 03376 2016 NtResumeThread (1168, ... 1, ) == 0x0 03377 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03378 2412 NtWaitForSingleObject (128, 0, 0x0, ... 03377 2016 NtAllocateVirtualMemory ... 285278208, 1048576, ) == 0x0 03379 2016 NtAllocateVirtualMemory (-1, 286318592, 0, 8192, 4096, 4, ... 286318592, 8192, ) == 0x0 03380 2016 NtProtectVirtualMemory (-1, (0x1110e000), 4096, 260, ... (0x1110e000), 4096, 4, ) == 0x0 03381 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1172, {896, 2416}, ) == 0x0 03382 2016 NtQueryInformationThread (1172, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feac000,Pid=896,Tid=2416,}, 0x0, ) == 0x0 03383 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82145, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\200\3\0\0p\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\200\3\0\0p\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82146, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\200\3\0\0p\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\200\3\0\0p\11\0\0" ) ) == 0x0 03384 2016 NtResumeThread (1172, ... 1, ) == 0x0 03385 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 286326784, 1048576, ) == 0x0 03386 2016 NtAllocateVirtualMemory (-1, 287367168, 0, 8192, 4096, 4, ... 287367168, 8192, ) == 0x0 03387 2416 NtWaitForSingleObject (128, 0, 0x0, ... 03388 2016 NtProtectVirtualMemory (-1, (0x1120e000), 4096, 260, ... (0x1120e000), 4096, 4, ) == 0x0 03389 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1176, {896, 2420}, ) == 0x0 03390 2016 NtQueryInformationThread (1176, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feab000,Pid=896,Tid=2420,}, 0x0, ) == 0x0 03391 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82146, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\200\3\0\0t\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\200\3\0\0t\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82147, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\200\3\0\0t\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\200\3\0\0t\11\0\0" ) ) == 0x0 03392 2016 NtResumeThread (1176, ... 1, ) == 0x0 03393 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03394 2420 NtWaitForSingleObject (128, 0, 0x0, ... 03393 2016 NtAllocateVirtualMemory ... 287375360, 1048576, ) == 0x0 03395 2016 NtAllocateVirtualMemory (-1, 288415744, 0, 8192, 4096, 4, ... 288415744, 8192, ) == 0x0 03396 2016 NtProtectVirtualMemory (-1, (0x1130e000), 4096, 260, ... (0x1130e000), 4096, 4, ) == 0x0 03397 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1180, {896, 2424}, ) == 0x0 03398 2016 NtQueryInformationThread (1180, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feaa000,Pid=896,Tid=2424,}, 0x0, ) == 0x0 03399 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82147, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\200\3\0\0x\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\200\3\0\0x\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82148, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\200\3\0\0x\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\200\3\0\0x\11\0\0" ) ) == 0x0 03400 2016 NtResumeThread (1180, ... 1, ) == 0x0 03401 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
288423936, 1048576, ) == 0x0 03402 2424 NtWaitForSingleObject (128, 0, 0x0, ... 03403 2016 NtAllocateVirtualMemory (-1, 289464320, 0, 8192, 4096, 4, ... 289464320, 8192, ) == 0x0 03404 2016 NtProtectVirtualMemory (-1, (0x1140e000), 4096, 260, ... (0x1140e000), 4096, 4, ) == 0x0 03405 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1184, {896, 2428}, ) == 0x0 03406 2016 NtQueryInformationThread (1184, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea9000,Pid=896,Tid=2428,}, 0x0, ) == 0x0 03407 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82148, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\200\3\0\0|\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\200\3\0\0|\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82149, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\200\3\0\0|\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\200\3\0\0|\11\0\0" ) ) == 0x0 03408 2016 NtResumeThread (1184, ... 1, ) == 0x0 03409 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 289472512, 1048576, ) == 0x0 03410 2016 NtAllocateVirtualMemory (-1, 290512896, 0, 8192, 4096, 4, ... 290512896, 8192, ) == 0x0 03411 2016 NtProtectVirtualMemory (-1, (0x1150e000), 4096, 260, ... 03412 2428 NtWaitForSingleObject (128, 0, 0x0, ... 03411 2016 NtProtectVirtualMemory ... (0x1150e000), 4096, 4, ) == 0x0 03413 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1188, {896, 2432}, ) == 0x0 03414 2016 NtQueryInformationThread (1188, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea8000,Pid=896,Tid=2432,}, 0x0, ) == 0x0 03415 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82149, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\200\3\0\0\200\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\200\3\0\0\200\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82150, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\200\3\0\0\200\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\200\3\0\0\200\11\0\0" ) ) == 0x0 03416 2016 NtResumeThread (1188, ... 1, ) == 0x0 03417 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 290521088, 1048576, ) == 0x0 03418 2432 NtWaitForSingleObject (128, 0, 0x0, ... 03419 2016 NtAllocateVirtualMemory (-1, 291561472, 0, 8192, 4096, 4, ... 291561472, 8192, ) == 0x0 03420 2016 NtProtectVirtualMemory (-1, (0x1160e000), 4096, 260, ... (0x1160e000), 4096, 4, ) == 0x0 03421 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1192, {896, 2436}, ) == 0x0 03422 2016 NtQueryInformationThread (1192, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea7000,Pid=896,Tid=2436,}, 0x0, ) == 0x0 03423 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82150, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\200\3\0\0\204\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\200\3\0\0\204\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82151, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\200\3\0\0\204\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\200\3\0\0\204\11\0\0" ) ) == 0x0 03424 2016 NtResumeThread (1192, ... 1, ) == 0x0 03425 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 291569664, 1048576, ) == 0x0 03426 2016 NtAllocateVirtualMemory (-1, 292610048, 0, 8192, 4096, 4, ... 292610048, 8192, ) == 0x0 03427 2016 NtProtectVirtualMemory (-1, (0x1170e000), 4096, 260, ... 03428 2436 NtWaitForSingleObject (128, 0, 0x0, ... 03427 2016 NtProtectVirtualMemory ... 
(0x1170e000), 4096, 4, ) == 0x0 03429 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1196, {896, 2440}, ) == 0x0 03430 2016 NtQueryInformationThread (1196, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea6000,Pid=896,Tid=2440,}, 0x0, ) == 0x0 03431 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82151, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\200\3\0\0\210\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\200\3\0\0\210\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82152, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\200\3\0\0\210\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\200\3\0\0\210\11\0\0" ) ) == 0x0 03432 2016 NtResumeThread (1196, ... 1, ) == 0x0 03433 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 292618240, 1048576, ) == 0x0 03434 2440 NtWaitForSingleObject (128, 0, 0x0, ... 03435 2016 NtAllocateVirtualMemory (-1, 293658624, 0, 8192, 4096, 4, ... 293658624, 8192, ) == 0x0 03436 2016 NtProtectVirtualMemory (-1, (0x1180e000), 4096, 260, ... (0x1180e000), 4096, 4, ) == 0x0 03437 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1200, {896, 2444}, ) == 0x0 03438 2016 NtQueryInformationThread (1200, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea5000,Pid=896,Tid=2444,}, 0x0, ) == 0x0 03439 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82152, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\200\3\0\0\214\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\200\3\0\0\214\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82153, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\200\3\0\0\214\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\200\3\0\0\214\11\0\0" ) ) == 0x0 03440 2016 NtResumeThread (1200, ... 1, ) == 0x0 03441 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 293666816, 1048576, ) == 0x0 03442 2016 NtAllocateVirtualMemory (-1, 294707200, 0, 8192, 4096, 4, ... 294707200, 8192, ) == 0x0 03443 2016 NtProtectVirtualMemory (-1, (0x1190e000), 4096, 260, ... 03444 2444 NtWaitForSingleObject (128, 0, 0x0, ... 03443 2016 NtProtectVirtualMemory ... (0x1190e000), 4096, 4, ) == 0x0 03445 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1204, {896, 2448}, ) == 0x0 03446 2016 NtQueryInformationThread (1204, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea4000,Pid=896,Tid=2448,}, 0x0, ) == 0x0 03447 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82153, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\200\3\0\0\220\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\200\3\0\0\220\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82154, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\200\3\0\0\220\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\200\3\0\0\220\11\0\0" ) ) == 0x0 03448 2016 NtResumeThread (1204, ... 1, ) == 0x0 03449 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 294715392, 1048576, ) == 0x0 03450 2016 NtAllocateVirtualMemory (-1, 295755776, 0, 8192, 4096, 4, ... 295755776, 8192, ) == 0x0 03451 2016 NtProtectVirtualMemory (-1, (0x11a0e000), 4096, 260, ... 03452 2448 NtWaitForSingleObject (128, 0, 0x0, ... 03451 2016 NtProtectVirtualMemory ... (0x11a0e000), 4096, 4, ) == 0x0 03453 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1208, {896, 2452}, ) == 0x0 03454 2016 NtQueryInformationThread (1208, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fea3000,Pid=896,Tid=2452,}, 0x0, ) == 0x0 03455 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82154, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\200\3\0\0\224\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\200\3\0\0\224\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82155, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\200\3\0\0\224\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\200\3\0\0\224\11\0\0" ) ) == 0x0 03456 2016 NtResumeThread (1208, ... 1, ) == 0x0 03457 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 295763968, 1048576, ) == 0x0 03458 2452 NtWaitForSingleObject (128, 0, 0x0, ... 03459 2016 NtAllocateVirtualMemory (-1, 296804352, 0, 8192, 4096, 4, ... 296804352, 8192, ) == 0x0 03460 2016 NtProtectVirtualMemory (-1, (0x11b0e000), 4096, 260, ... (0x11b0e000), 4096, 4, ) == 0x0 03461 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1212, {896, 2456}, ) == 0x0 03462 2016 NtQueryInformationThread (1212, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea2000,Pid=896,Tid=2456,}, 0x0, ) == 0x0 03463 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82155, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\200\3\0\0\230\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\200\3\0\0\230\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82156, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\200\3\0\0\230\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\200\3\0\0\230\11\0\0" ) ) == 0x0 03464 2016 NtResumeThread (1212, ... 1, ) == 0x0 03465 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
296812544, 1048576, ) == 0x0 03466 2016 NtAllocateVirtualMemory (-1, 297852928, 0, 8192, 4096, 4, ... 297852928, 8192, ) == 0x0 03467 2456 NtWaitForSingleObject (128, 0, 0x0, ... 03468 2016 NtProtectVirtualMemory (-1, (0x11c0e000), 4096, 260, ... (0x11c0e000), 4096, 4, ) == 0x0 03469 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1216, {896, 2460}, ) == 0x0 03470 2016 NtQueryInformationThread (1216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea1000,Pid=896,Tid=2460,}, 0x0, ) == 0x0 03471 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82156, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\200\3\0\0\234\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\200\3\0\0\234\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82157, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\200\3\0\0\234\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\200\3\0\0\234\11\0\0" ) ) == 0x0 03472 2016 NtResumeThread (1216, ... 1, ) == 0x0 03473 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03474 2460 NtWaitForSingleObject (128, 0, 0x0, ... 03473 2016 NtAllocateVirtualMemory ... 297861120, 1048576, ) == 0x0 03475 2016 NtAllocateVirtualMemory (-1, 298901504, 0, 8192, 4096, 4, ... 298901504, 8192, ) == 0x0 03476 2016 NtProtectVirtualMemory (-1, (0x11d0e000), 4096, 260, ... (0x11d0e000), 4096, 4, ) == 0x0 03477 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1220, {896, 2464}, ) == 0x0 03478 2016 NtQueryInformationThread (1220, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea0000,Pid=896,Tid=2464,}, 0x0, ) == 0x0 03479 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82157, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\200\3\0\0\240\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\200\3\0\0\240\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82158, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\200\3\0\0\240\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\200\3\0\0\240\11\0\0" ) ) == 0x0 03480 2016 NtResumeThread (1220, ... 1, ) == 0x0 03481 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 298909696, 1048576, ) == 0x0 03482 2016 NtAllocateVirtualMemory (-1, 299950080, 0, 8192, 4096, 4, ... 299950080, 8192, ) == 0x0 03483 2464 NtWaitForSingleObject (128, 0, 0x0, ... 03484 2016 NtProtectVirtualMemory (-1, (0x11e0e000), 4096, 260, ... (0x11e0e000), 4096, 4, ) == 0x0 03485 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1224, {896, 2468}, ) == 0x0 03486 2016 NtQueryInformationThread (1224, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9f000,Pid=896,Tid=2468,}, 0x0, ) == 0x0 03487 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82158, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\200\3\0\0\244\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\200\3\0\0\244\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82159, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\200\3\0\0\244\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\200\3\0\0\244\11\0\0" ) ) == 0x0 03488 2016 NtResumeThread (1224, ... 1, ) == 0x0 03489 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03490 2468 NtWaitForSingleObject (128, 0, 0x0, ... 03489 2016 NtAllocateVirtualMemory ... 299958272, 1048576, ) == 0x0 03491 2016 NtAllocateVirtualMemory (-1, 300998656, 0, 8192, 4096, 4, ... 300998656, 8192, ) == 0x0 03492 2016 NtProtectVirtualMemory (-1, (0x11f0e000), 4096, 260, ... 
(0x11f0e000), 4096, 4, ) == 0x0 03493 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1228, {896, 2472}, ) == 0x0 03494 2016 NtQueryInformationThread (1228, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9e000,Pid=896,Tid=2472,}, 0x0, ) == 0x0 03495 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82159, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\200\3\0\0\250\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\200\3\0\0\250\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82160, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\200\3\0\0\250\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\200\3\0\0\250\11\0\0" ) ) == 0x0 03496 2016 NtResumeThread (1228, ... 1, ) == 0x0 03497 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 301006848, 1048576, ) == 0x0 03498 2016 NtAllocateVirtualMemory (-1, 302047232, 0, 8192, 4096, 4, ... 302047232, 8192, ) == 0x0 03499 2472 NtWaitForSingleObject (128, 0, 0x0, ... 03500 2016 NtProtectVirtualMemory (-1, (0x1200e000), 4096, 260, ... (0x1200e000), 4096, 4, ) == 0x0 03501 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1232, {896, 2476}, ) == 0x0 03502 2016 NtQueryInformationThread (1232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9d000,Pid=896,Tid=2476,}, 0x0, ) == 0x0 03503 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82160, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\200\3\0\0\254\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\200\3\0\0\254\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82161, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\200\3\0\0\254\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\200\3\0\0\254\11\0\0" ) ) == 0x0 03504 2016 NtResumeThread (1232, ... 1, ) == 0x0 03505 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03506 2476 NtWaitForSingleObject (128, 0, 0x0, ... 03505 2016 NtAllocateVirtualMemory ... 302055424, 1048576, ) == 0x0 03507 2016 NtAllocateVirtualMemory (-1, 303095808, 0, 8192, 4096, 4, ... 303095808, 8192, ) == 0x0 03508 2016 NtProtectVirtualMemory (-1, (0x1210e000), 4096, 260, ... (0x1210e000), 4096, 4, ) == 0x0 03509 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1236, {896, 2480}, ) == 0x0 03510 2016 NtQueryInformationThread (1236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9c000,Pid=896,Tid=2480,}, 0x0, ) == 0x0 03511 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82161, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\200\3\0\0\260\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\200\3\0\0\260\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82162, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\200\3\0\0\260\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\200\3\0\0\260\11\0\0" ) ) == 0x0 03512 2016 NtResumeThread (1236, ... 1, ) == 0x0 03513 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03514 2480 NtWaitForSingleObject (128, 0, 0x0, ... 03513 2016 NtAllocateVirtualMemory ... 303104000, 1048576, ) == 0x0 03515 2016 NtAllocateVirtualMemory (-1, 304144384, 0, 8192, 4096, 4, ... 304144384, 8192, ) == 0x0 03516 2016 NtProtectVirtualMemory (-1, (0x1220e000), 4096, 260, ... (0x1220e000), 4096, 4, ) == 0x0 03517 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1240, {896, 2484}, ) == 0x0 03518 2016 NtQueryInformationThread (1240, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe9b000,Pid=896,Tid=2484,}, 0x0, ) == 0x0 03519 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82162, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\200\3\0\0\264\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\200\3\0\0\264\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82163, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\200\3\0\0\264\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\200\3\0\0\264\11\0\0" ) ) == 0x0 03520 2016 NtResumeThread (1240, ... 1, ) == 0x0 03521 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 304152576, 1048576, ) == 0x0 03522 2016 NtAllocateVirtualMemory (-1, 305192960, 0, 8192, 4096, 4, ... 305192960, 8192, ) == 0x0 03523 2484 NtWaitForSingleObject (128, 0, 0x0, ... 03524 2016 NtProtectVirtualMemory (-1, (0x1230e000), 4096, 260, ... (0x1230e000), 4096, 4, ) == 0x0 03525 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1244, {896, 2488}, ) == 0x0 03526 2016 NtQueryInformationThread (1244, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9a000,Pid=896,Tid=2488,}, 0x0, ) == 0x0 03527 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82163, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\200\3\0\0\270\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\200\3\0\0\270\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82164, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\200\3\0\0\270\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\200\3\0\0\270\11\0\0" ) ) == 0x0 03528 2016 NtResumeThread (1244, ... 1, ) == 0x0 03529 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03530 2488 NtWaitForSingleObject (128, 0, 0x0, ... 03529 2016 NtAllocateVirtualMemory ... 305201152, 1048576, ) == 0x0 03531 2016 NtAllocateVirtualMemory (-1, 306241536, 0, 8192, 4096, 4, ... 306241536, 8192, ) == 0x0 03532 2016 NtProtectVirtualMemory (-1, (0x1240e000), 4096, 260, ... (0x1240e000), 4096, 4, ) == 0x0 03533 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1248, {896, 2492}, ) == 0x0 03534 2016 NtQueryInformationThread (1248, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe99000,Pid=896,Tid=2492,}, 0x0, ) == 0x0 03535 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82164, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\200\3\0\0\274\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\200\3\0\0\274\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82165, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\200\3\0\0\274\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\200\3\0\0\274\11\0\0" ) ) == 0x0 03536 2016 NtResumeThread (1248, ... 1, ) == 0x0 03537 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 306249728, 1048576, ) == 0x0 03538 2016 NtAllocateVirtualMemory (-1, 307290112, 0, 8192, 4096, 4, ... 307290112, 8192, ) == 0x0 03539 2492 NtWaitForSingleObject (128, 0, 0x0, ... 03540 2016 NtProtectVirtualMemory (-1, (0x1250e000), 4096, 260, ... (0x1250e000), 4096, 4, ) == 0x0 03541 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1252, {896, 2496}, ) == 0x0 03542 2016 NtQueryInformationThread (1252, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe98000,Pid=896,Tid=2496,}, 0x0, ) == 0x0 03543 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82165, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\200\3\0\0\300\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\200\3\0\0\300\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82166, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\200\3\0\0\300\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\200\3\0\0\300\11\0\0" ) ) == 0x0 03544 2016 NtResumeThread (1252, ... 1, ) == 0x0 03545 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03546 2496 NtWaitForSingleObject (128, 0, 0x0, ... 03545 2016 NtAllocateVirtualMemory ... 307298304, 1048576, ) == 0x0 03547 2016 NtAllocateVirtualMemory (-1, 308338688, 0, 8192, 4096, 4, ... 308338688, 8192, ) == 0x0 03548 2016 NtProtectVirtualMemory (-1, (0x1260e000), 4096, 260, ... (0x1260e000), 4096, 4, ) == 0x0 03549 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1256, {896, 2500}, ) == 0x0 03550 2016 NtQueryInformationThread (1256, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe97000,Pid=896,Tid=2500,}, 0x0, ) == 0x0 03551 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82166, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\200\3\0\0\304\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\200\3\0\0\304\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82167, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\200\3\0\0\304\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\200\3\0\0\304\11\0\0" ) ) == 0x0 03552 2016 NtResumeThread (1256, ... 1, ) == 0x0 03553 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 308346880, 1048576, ) == 0x0 03554 2016 NtAllocateVirtualMemory (-1, 309387264, 0, 8192, 4096, 4, ... 309387264, 8192, ) == 0x0 03555 2500 NtWaitForSingleObject (128, 0, 0x0, ... 03556 2016 NtProtectVirtualMemory (-1, (0x1270e000), 4096, 260, ... 
(0x1270e000), 4096, 4, ) == 0x0 03557 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1260, {896, 2504}, ) == 0x0 03558 2016 NtQueryInformationThread (1260, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe96000,Pid=896,Tid=2504,}, 0x0, ) == 0x0 03559 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82167, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\200\3\0\0\310\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\200\3\0\0\310\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82168, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\200\3\0\0\310\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\200\3\0\0\310\11\0\0" ) ) == 0x0 03560 2016 NtResumeThread (1260, ... 1, ) == 0x0 03561 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03562 2504 NtWaitForSingleObject (128, 0, 0x0, ... 03561 2016 NtAllocateVirtualMemory ... 309395456, 1048576, ) == 0x0 03563 2016 NtAllocateVirtualMemory (-1, 310435840, 0, 8192, 4096, 4, ... 310435840, 8192, ) == 0x0 03564 2016 NtProtectVirtualMemory (-1, (0x1280e000), 4096, 260, ... (0x1280e000), 4096, 4, ) == 0x0 03565 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1264, {896, 2508}, ) == 0x0 03566 2016 NtQueryInformationThread (1264, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe95000,Pid=896,Tid=2508,}, 0x0, ) == 0x0 03567 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82168, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\200\3\0\0\314\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\200\3\0\0\314\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82169, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\200\3\0\0\314\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\200\3\0\0\314\11\0\0" ) ) == 0x0 03568 2016 NtResumeThread (1264, ... 1, ) == 0x0 03569 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 310444032, 1048576, ) == 0x0 03570 2016 NtAllocateVirtualMemory (-1, 311484416, 0, 8192, 4096, 4, ... 311484416, 8192, ) == 0x0 03571 2508 NtWaitForSingleObject (128, 0, 0x0, ... 03572 2016 NtProtectVirtualMemory (-1, (0x1290e000), 4096, 260, ... (0x1290e000), 4096, 4, ) == 0x0 03573 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1268, {896, 2512}, ) == 0x0 03574 2016 NtQueryInformationThread (1268, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe94000,Pid=896,Tid=2512,}, 0x0, ) == 0x0 03575 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82169, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\200\3\0\0\320\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\200\3\0\0\320\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82170, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\200\3\0\0\320\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\200\3\0\0\320\11\0\0" ) ) == 0x0 03576 1716 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... 03577 2016 NtResumeThread (1268, ... 1, ) == 0x0 03578 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 311492608, 1048576, ) == 0x0 03579 2016 NtAllocateVirtualMemory (-1, 312532992, 0, 8192, 4096, 4, ... 312532992, 8192, ) == 0x0 03580 2016 NtProtectVirtualMemory (-1, (0x12a0e000), 4096, 260, ... (0x12a0e000), 4096, 4, ) == 0x0 03581 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1272, {896, 2516}, ) == 0x0 03582 2016 NtQueryInformationThread (1272, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe93000,Pid=896,Tid=2516,}, 0x0, ) == 0x0 03576 1716 NtProtectVirtualMemory ... 
(0x71a51000), 4096, 4, ) == 0x0 03583 2512 NtWaitForSingleObject (128, 0, 0x0, ... 03584 1716 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03585 1716 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 03586 1716 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... (0x71a51000), 4096, 4, ) == 0x0 03587 1716 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03588 1716 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 03589 1716 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... 03590 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82170, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\200\3\0\0\324\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\200\3\0\0\324\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82171, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\200\3\0\0\324\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\200\3\0\0\324\11\0\0" ) ) == 0x0 03591 2016 NtResumeThread (1272, ... 1, ) == 0x0 03592 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 312541184, 1048576, ) == 0x0 03593 2016 NtAllocateVirtualMemory (-1, 313581568, 0, 8192, 4096, 4, ... 313581568, 8192, ) == 0x0 03594 2016 NtProtectVirtualMemory (-1, (0x12b0e000), 4096, 260, ... (0x12b0e000), 4096, 4, ) == 0x0 03595 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03589 1716 NtProtectVirtualMemory ... (0x71a51000), 4096, 4, ) == 0x0 03596 2516 NtWaitForSingleObject (128, 0, 0x0, ... 03597 1716 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03595 2016 NtCreateThread ... 1276, {896, 2520}, ) == 0x0 03598 2016 NtQueryInformationThread (1276, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe92000,Pid=896,Tid=2520,}, 0x0, ) == 0x0 03599 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82171, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\200\3\0\0\330\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\200\3\0\0\330\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82172, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\200\3\0\0\330\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\200\3\0\0\330\11\0\0" ) ) == 0x0 03600 2016 NtResumeThread (1276, ... 1, ) == 0x0 03601 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 313589760, 1048576, ) == 0x0 03602 2016 NtAllocateVirtualMemory (-1, 314630144, 0, 8192, 4096, 4, ... 314630144, 8192, ) == 0x0 03603 2520 NtWaitForSingleObject (128, 0, 0x0, ... 03604 2016 NtProtectVirtualMemory (-1, (0x12c0e000), 4096, 260, ... (0x12c0e000), 4096, 4, ) == 0x0 03605 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1280, {896, 2524}, ) == 0x0 03606 2016 NtQueryInformationThread (1280, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe91000,Pid=896,Tid=2524,}, 0x0, ) == 0x0 03607 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82172, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\200\3\0\0\334\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\200\3\0\0\334\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82173, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\200\3\0\0\334\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\200\3\0\0\334\11\0\0" ) ) == 0x0 03608 2016 NtResumeThread (1280, ... 1, ) == 0x0 03609 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
03610 2524 NtWaitForSingleObject (128, 0, 0x0, ... 03609 2016 NtAllocateVirtualMemory ... 314638336, 1048576, ) == 0x0 03611 2016 NtAllocateVirtualMemory (-1, 315678720, 0, 8192, 4096, 4, ... 315678720, 8192, ) == 0x0 03612 2016 NtProtectVirtualMemory (-1, (0x12d0e000), 4096, 260, ... (0x12d0e000), 4096, 4, ) == 0x0 03613 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1284, {896, 2528}, ) == 0x0 03614 2016 NtQueryInformationThread (1284, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe90000,Pid=896,Tid=2528,}, 0x0, ) == 0x0 03615 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82173, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\200\3\0\0\340\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\200\3\0\0\340\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82174, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\200\3\0\0\340\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\200\3\0\0\340\11\0\0" ) ) == 0x0 03616 2016 NtResumeThread (1284, ... 1, ) == 0x0 03617 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03618 2528 NtWaitForSingleObject (128, 0, 0x0, ... 03617 2016 NtAllocateVirtualMemory ... 315686912, 1048576, ) == 0x0 03619 2016 NtAllocateVirtualMemory (-1, 316727296, 0, 8192, 4096, 4, ... 316727296, 8192, ) == 0x0 03620 2016 NtProtectVirtualMemory (-1, (0x12e0e000), 4096, 260, ... (0x12e0e000), 4096, 4, ) == 0x0 03621 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1288, {896, 2532}, ) == 0x0 03622 2016 NtQueryInformationThread (1288, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8f000,Pid=896,Tid=2532,}, 0x0, ) == 0x0 03623 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82174, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\200\3\0\0\344\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\200\3\0\0\344\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82175, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\200\3\0\0\344\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\200\3\0\0\344\11\0\0" ) ) == 0x0 03624 2016 NtResumeThread (1288, ... 1, ) == 0x0 03625 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 316735488, 1048576, ) == 0x0 03626 2016 NtAllocateVirtualMemory (-1, 317775872, 0, 8192, 4096, 4, ... 317775872, 8192, ) == 0x0 03627 2532 NtWaitForSingleObject (128, 0, 0x0, ... 03628 2016 NtProtectVirtualMemory (-1, (0x12f0e000), 4096, 260, ... (0x12f0e000), 4096, 4, ) == 0x0 03629 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1292, {896, 2536}, ) == 0x0 03630 2016 NtQueryInformationThread (1292, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8e000,Pid=896,Tid=2536,}, 0x0, ) == 0x0 03631 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82175, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\200\3\0\0\350\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\200\3\0\0\350\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82176, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\200\3\0\0\350\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\200\3\0\0\350\11\0\0" ) ) == 0x0 03632 2016 NtResumeThread (1292, ... 1, ) == 0x0 03633 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03634 2536 NtWaitForSingleObject (128, 0, 0x0, ... 03633 2016 NtAllocateVirtualMemory ... 317784064, 1048576, ) == 0x0 03635 2016 NtAllocateVirtualMemory (-1, 318824448, 0, 8192, 4096, 4, ... 318824448, 8192, ) == 0x0 03636 2016 NtProtectVirtualMemory (-1, (0x1300e000), 4096, 260, ... 
(0x1300e000), 4096, 4, ) == 0x0 03637 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1296, {896, 2540}, ) == 0x0 03638 2016 NtQueryInformationThread (1296, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8d000,Pid=896,Tid=2540,}, 0x0, ) == 0x0 03639 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82176, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\200\3\0\0\354\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\200\3\0\0\354\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82177, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\200\3\0\0\354\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\200\3\0\0\354\11\0\0" ) ) == 0x0 03640 2016 NtResumeThread (1296, ... 1, ) == 0x0 03641 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 318832640, 1048576, ) == 0x0 03642 2016 NtAllocateVirtualMemory (-1, 319873024, 0, 8192, 4096, 4, ... 319873024, 8192, ) == 0x0 03643 2540 NtWaitForSingleObject (128, 0, 0x0, ... 03644 2016 NtProtectVirtualMemory (-1, (0x1310e000), 4096, 260, ... (0x1310e000), 4096, 4, ) == 0x0 03645 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1300, {896, 2544}, ) == 0x0 03646 2016 NtQueryInformationThread (1300, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8c000,Pid=896,Tid=2544,}, 0x0, ) == 0x0 03647 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82177, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\200\3\0\0\360\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\200\3\0\0\360\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82178, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\200\3\0\0\360\11\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\200\3\0\0\360\11\0\0" ) ) == 0x0 03648 2016 NtResumeThread (1300, ... 1, ) == 0x0 03649 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03650 2544 NtWaitForSingleObject (128, 0, 0x0, ... 03649 2016 NtAllocateVirtualMemory ... 319881216, 1048576, ) == 0x0 03651 2016 NtAllocateVirtualMemory (-1, 320921600, 0, 8192, 4096, 4, ... 320921600, 8192, ) == 0x0 03652 2016 NtProtectVirtualMemory (-1, (0x1320e000), 4096, 260, ... (0x1320e000), 4096, 4, ) == 0x0 03653 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1304, {896, 2548}, ) == 0x0 03654 2016 NtQueryInformationThread (1304, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8b000,Pid=896,Tid=2548,}, 0x0, ) == 0x0 03655 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82178, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\200\3\0\0\364\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\200\3\0\0\364\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82179, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\200\3\0\0\364\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\200\3\0\0\364\11\0\0" ) ) == 0x0 03656 2016 NtResumeThread (1304, ... 1, ) == 0x0 03657 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 320929792, 1048576, ) == 0x0 03658 2016 NtAllocateVirtualMemory (-1, 321970176, 0, 8192, 4096, 4, ... 321970176, 8192, ) == 0x0 03659 2548 NtWaitForSingleObject (128, 0, 0x0, ... 03660 2016 NtProtectVirtualMemory (-1, (0x1330e000), 4096, 260, ... (0x1330e000), 4096, 4, ) == 0x0 03661 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1308, {896, 2552}, ) == 0x0 03662 2016 NtQueryInformationThread (1308, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe8a000,Pid=896,Tid=2552,}, 0x0, ) == 0x0 03663 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82179, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\200\3\0\0\370\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\200\3\0\0\370\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82180, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\200\3\0\0\370\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\200\3\0\0\370\11\0\0" ) ) == 0x0 03664 2016 NtResumeThread (1308, ... 1, ) == 0x0 03665 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03666 2552 NtWaitForSingleObject (128, 0, 0x0, ... 03665 2016 NtAllocateVirtualMemory ... 321978368, 1048576, ) == 0x0 03667 2016 NtAllocateVirtualMemory (-1, 323018752, 0, 8192, 4096, 4, ... 323018752, 8192, ) == 0x0 03668 2016 NtProtectVirtualMemory (-1, (0x1340e000), 4096, 260, ... (0x1340e000), 4096, 4, ) == 0x0 03669 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1312, {896, 2556}, ) == 0x0 03670 2016 NtQueryInformationThread (1312, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe89000,Pid=896,Tid=2556,}, 0x0, ) == 0x0 03671 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82180, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\200\3\0\0\374\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\200\3\0\0\374\11\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82181, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\200\3\0\0\374\11\0\0" ... {28, 56, reply, 0, 896, 2016, 82181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\200\3\0\0\374\11\0\0" ) ) == 0x0 03672 2016 NtResumeThread (1312, ... 1, ) == 0x0 03673 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
323026944, 1048576, ) == 0x0 03674 2016 NtAllocateVirtualMemory (-1, 324067328, 0, 8192, 4096, 4, ... 324067328, 8192, ) == 0x0 03675 2556 NtWaitForSingleObject (128, 0, 0x0, ... 03676 2016 NtProtectVirtualMemory (-1, (0x1350e000), 4096, 260, ... (0x1350e000), 4096, 4, ) == 0x0 03677 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1316, {896, 2560}, ) == 0x0 03678 2016 NtQueryInformationThread (1316, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe88000,Pid=896,Tid=2560,}, 0x0, ) == 0x0 03679 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82181, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\200\3\0\0\0\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\200\3\0\0\0\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82182, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\200\3\0\0\0\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\200\3\0\0\0\12\0\0" ) ) == 0x0 03680 2016 NtResumeThread (1316, ... 1, ) == 0x0 03681 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03682 2560 NtWaitForSingleObject (128, 0, 0x0, ... 03681 2016 NtAllocateVirtualMemory ... 324075520, 1048576, ) == 0x0 03683 2016 NtAllocateVirtualMemory (-1, 325115904, 0, 8192, 4096, 4, ... 325115904, 8192, ) == 0x0 03684 2016 NtProtectVirtualMemory (-1, (0x1360e000), 4096, 260, ... (0x1360e000), 4096, 4, ) == 0x0 03685 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1320, {896, 2564}, ) == 0x0 03686 2016 NtQueryInformationThread (1320, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe87000,Pid=896,Tid=2564,}, 0x0, ) == 0x0 03687 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82182, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\200\3\0\0\4\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\200\3\0\0\4\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82183, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\200\3\0\0\4\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\200\3\0\0\4\12\0\0" ) ) == 0x0 03688 2016 NtResumeThread (1320, ... 1, ) == 0x0 03689 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 325124096, 1048576, ) == 0x0 03690 2016 NtAllocateVirtualMemory (-1, 326164480, 0, 8192, 4096, 4, ... 326164480, 8192, ) == 0x0 03691 2564 NtWaitForSingleObject (128, 0, 0x0, ... 03692 2016 NtProtectVirtualMemory (-1, (0x1370e000), 4096, 260, ... (0x1370e000), 4096, 4, ) == 0x0 03693 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1324, {896, 2568}, ) == 0x0 03694 2016 NtQueryInformationThread (1324, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe86000,Pid=896,Tid=2568,}, 0x0, ) == 0x0 03695 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82183, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\200\3\0\0\10\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\200\3\0\0\10\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82184, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\200\3\0\0\10\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\200\3\0\0\10\12\0\0" ) ) == 0x0 03696 2016 NtResumeThread (1324, ... 1, ) == 0x0 03697 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03698 2568 NtWaitForSingleObject (128, 0, 0x0, ... 03697 2016 NtAllocateVirtualMemory ... 326172672, 1048576, ) == 0x0 03699 2016 NtAllocateVirtualMemory (-1, 327213056, 0, 8192, 4096, 4, ... 327213056, 8192, ) == 0x0 03700 2016 NtProtectVirtualMemory (-1, (0x1380e000), 4096, 260, ... 
(0x1380e000), 4096, 4, ) == 0x0 03701 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1328, {896, 2572}, ) == 0x0 03702 2016 NtQueryInformationThread (1328, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe85000,Pid=896,Tid=2572,}, 0x0, ) == 0x0 03703 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82184, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\200\3\0\0\14\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\200\3\0\0\14\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82185, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\200\3\0\0\14\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\200\3\0\0\14\12\0\0" ) ) == 0x0 03704 2016 NtResumeThread (1328, ... 1, ) == 0x0 03705 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 327221248, 1048576, ) == 0x0 03706 2016 NtAllocateVirtualMemory (-1, 328261632, 0, 8192, 4096, 4, ... 328261632, 8192, ) == 0x0 03707 2572 NtWaitForSingleObject (128, 0, 0x0, ... 03708 2016 NtProtectVirtualMemory (-1, (0x1390e000), 4096, 260, ... (0x1390e000), 4096, 4, ) == 0x0 03709 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1332, {896, 2576}, ) == 0x0 03710 2016 NtQueryInformationThread (1332, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe84000,Pid=896,Tid=2576,}, 0x0, ) == 0x0 03711 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82185, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\200\3\0\0\20\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\200\3\0\0\20\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82186, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\200\3\0\0\20\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\200\3\0\0\20\12\0\0" ) ) == 0x0 03712 2016 NtResumeThread (1332, ... 1, ) == 0x0 03713 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03714 2576 NtWaitForSingleObject (128, 0, 0x0, ... 03713 2016 NtAllocateVirtualMemory ... 328269824, 1048576, ) == 0x0 03715 2016 NtAllocateVirtualMemory (-1, 329310208, 0, 8192, 4096, 4, ... 329310208, 8192, ) == 0x0 03716 2016 NtProtectVirtualMemory (-1, (0x13a0e000), 4096, 260, ... (0x13a0e000), 4096, 4, ) == 0x0 03717 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1336, {896, 2580}, ) == 0x0 03718 2016 NtQueryInformationThread (1336, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe83000,Pid=896,Tid=2580,}, 0x0, ) == 0x0 03719 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82186, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\200\3\0\0\24\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\200\3\0\0\24\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82187, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\200\3\0\0\24\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\200\3\0\0\24\12\0\0" ) ) == 0x0 03720 2016 NtResumeThread (1336, ... 1, ) == 0x0 03721 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 329318400, 1048576, ) == 0x0 03722 2016 NtAllocateVirtualMemory (-1, 330358784, 0, 8192, 4096, 4, ... 330358784, 8192, ) == 0x0 03723 2580 NtWaitForSingleObject (128, 0, 0x0, ... 03724 2016 NtProtectVirtualMemory (-1, (0x13b0e000), 4096, 260, ... (0x13b0e000), 4096, 4, ) == 0x0 03725 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1340, {896, 2584}, ) == 0x0 03726 2016 NtQueryInformationThread (1340, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe82000,Pid=896,Tid=2584,}, 0x0, ) == 0x0 03727 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82187, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\200\3\0\0\30\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\200\3\0\0\30\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82188, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\200\3\0\0\30\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\200\3\0\0\30\12\0\0" ) ) == 0x0 03728 2016 NtResumeThread (1340, ... 1, ) == 0x0 03729 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03730 2584 NtWaitForSingleObject (128, 0, 0x0, ... 03729 2016 NtAllocateVirtualMemory ... 330366976, 1048576, ) == 0x0 03731 2016 NtAllocateVirtualMemory (-1, 331407360, 0, 8192, 4096, 4, ... 331407360, 8192, ) == 0x0 03732 2016 NtProtectVirtualMemory (-1, (0x13c0e000), 4096, 260, ... (0x13c0e000), 4096, 4, ) == 0x0 03733 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1344, {896, 2588}, ) == 0x0 03734 2016 NtQueryInformationThread (1344, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe81000,Pid=896,Tid=2588,}, 0x0, ) == 0x0 03735 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82188, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\200\3\0\0\34\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\200\3\0\0\34\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82189, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\200\3\0\0\34\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\200\3\0\0\34\12\0\0" ) ) == 0x0 03736 2016 NtResumeThread (1344, ... 1, ) == 0x0 03737 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
331415552, 1048576, ) == 0x0 03738 2016 NtAllocateVirtualMemory (-1, 332455936, 0, 8192, 4096, 4, ... 332455936, 8192, ) == 0x0 03739 2588 NtWaitForSingleObject (128, 0, 0x0, ... 03740 2016 NtProtectVirtualMemory (-1, (0x13d0e000), 4096, 260, ... (0x13d0e000), 4096, 4, ) == 0x0 03741 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1348, {896, 2592}, ) == 0x0 03742 2016 NtQueryInformationThread (1348, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe80000,Pid=896,Tid=2592,}, 0x0, ) == 0x0 03743 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82189, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\200\3\0\0 \12\0\0" ... {28, 56, reply, 0, 896, 2016, 82190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\200\3\0\0 \12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82190, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\200\3\0\0 \12\0\0" ... {28, 56, reply, 0, 896, 2016, 82190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\200\3\0\0 \12\0\0" ) ) == 0x0 03744 2016 NtResumeThread (1348, ... 1, ) == 0x0 03745 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 332464128, 1048576, ) == 0x0 03746 2016 NtAllocateVirtualMemory (-1, 333504512, 0, 8192, 4096, 4, ... 333504512, 8192, ) == 0x0 03747 2592 NtWaitForSingleObject (128, 0, 0x0, ... 03748 2016 NtProtectVirtualMemory (-1, (0x13e0e000), 4096, 260, ... (0x13e0e000), 4096, 4, ) == 0x0 03749 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1352, {896, 2596}, ) == 0x0 03750 2016 NtQueryInformationThread (1352, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7f000,Pid=896,Tid=2596,}, 0x0, ) == 0x0 03751 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82190, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\200\3\0\0$\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\200\3\0\0$\12\0\0" ) ... 
{28, 56, reply, 0, 896, 2016, 82191, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\200\3\0\0$\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\200\3\0\0$\12\0\0" ) ) == 0x0 03752 2016 NtResumeThread (1352, ... 1, ) == 0x0 03753 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03754 2596 NtWaitForSingleObject (128, 0, 0x0, ... 03753 2016 NtAllocateVirtualMemory ... 333512704, 1048576, ) == 0x0 03755 2016 NtAllocateVirtualMemory (-1, 334553088, 0, 8192, 4096, 4, ... 334553088, 8192, ) == 0x0 03756 2016 NtProtectVirtualMemory (-1, (0x13f0e000), 4096, 260, ... (0x13f0e000), 4096, 4, ) == 0x0 03757 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1356, {896, 2600}, ) == 0x0 03758 2016 NtQueryInformationThread (1356, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7e000,Pid=896,Tid=2600,}, 0x0, ) == 0x0 03759 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82191, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\200\3\0\0(\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\200\3\0\0(\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82192, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\200\3\0\0(\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\200\3\0\0(\12\0\0" ) ) == 0x0 03760 2016 NtResumeThread (1356, ... 1, ) == 0x0 03761 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 334561280, 1048576, ) == 0x0 03762 2016 NtAllocateVirtualMemory (-1, 335601664, 0, 8192, 4096, 4, ... 335601664, 8192, ) == 0x0 03763 2600 NtWaitForSingleObject (128, 0, 0x0, ... 03764 2016 NtProtectVirtualMemory (-1, (0x1400e000), 4096, 260, ... (0x1400e000), 4096, 4, ) == 0x0 03765 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
1360, {896, 2604}, ) == 0x0 03766 2016 NtQueryInformationThread (1360, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7d000,Pid=896,Tid=2604,}, 0x0, ) == 0x0 03767 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82192, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\200\3\0\0,\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\200\3\0\0,\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82193, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\200\3\0\0,\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\200\3\0\0,\12\0\0" ) ) == 0x0 03768 2016 NtResumeThread (1360, ... 1, ) == 0x0 03769 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03770 2604 NtWaitForSingleObject (128, 0, 0x0, ... 03769 2016 NtAllocateVirtualMemory ... 335609856, 1048576, ) == 0x0 03771 2016 NtAllocateVirtualMemory (-1, 336650240, 0, 8192, 4096, 4, ... 336650240, 8192, ) == 0x0 03772 2016 NtProtectVirtualMemory (-1, (0x1410e000), 4096, 260, ... (0x1410e000), 4096, 4, ) == 0x0 03773 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1364, {896, 2608}, ) == 0x0 03774 2016 NtQueryInformationThread (1364, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7c000,Pid=896,Tid=2608,}, 0x0, ) == 0x0 03775 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82193, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\200\3\0\00\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\200\3\0\00\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82194, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\200\3\0\00\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\200\3\0\00\12\0\0" ) ) == 0x0 03776 2016 NtResumeThread (1364, ... 
1, ) == 0x0 03777 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 336658432, 1048576, ) == 0x0 03778 2016 NtAllocateVirtualMemory (-1, 337698816, 0, 8192, 4096, 4, ... 337698816, 8192, ) == 0x0 03779 2608 NtWaitForSingleObject (128, 0, 0x0, ... 03780 2016 NtProtectVirtualMemory (-1, (0x1420e000), 4096, 260, ... (0x1420e000), 4096, 4, ) == 0x0 03781 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1368, {896, 2612}, ) == 0x0 03782 2016 NtQueryInformationThread (1368, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7b000,Pid=896,Tid=2612,}, 0x0, ) == 0x0 03783 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82194, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\200\3\0\04\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\200\3\0\04\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82195, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\200\3\0\04\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\200\3\0\04\12\0\0" ) ) == 0x0 03784 2016 NtResumeThread (1368, ... 1, ) == 0x0 03785 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03786 2612 NtWaitForSingleObject (128, 0, 0x0, ... 03785 2016 NtAllocateVirtualMemory ... 337707008, 1048576, ) == 0x0 03787 2016 NtAllocateVirtualMemory (-1, 338747392, 0, 8192, 4096, 4, ... 338747392, 8192, ) == 0x0 03788 2016 NtProtectVirtualMemory (-1, (0x1430e000), 4096, 260, ... (0x1430e000), 4096, 4, ) == 0x0 03789 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1372, {896, 2616}, ) == 0x0 03790 2016 NtQueryInformationThread (1372, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7a000,Pid=896,Tid=2616,}, 0x0, ) == 0x0 03791 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82195, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\200\3\0\08\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\200\3\0\08\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82196, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\200\3\0\08\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\200\3\0\08\12\0\0" ) ) == 0x0 03792 2016 NtResumeThread (1372, ... 1, ) == 0x0 03793 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 338755584, 1048576, ) == 0x0 03794 2016 NtAllocateVirtualMemory (-1, 339795968, 0, 8192, 4096, 4, ... 339795968, 8192, ) == 0x0 03795 2616 NtWaitForSingleObject (128, 0, 0x0, ... 03796 2016 NtProtectVirtualMemory (-1, (0x1440e000), 4096, 260, ... (0x1440e000), 4096, 4, ) == 0x0 03797 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1376, {896, 2620}, ) == 0x0 03798 2016 NtQueryInformationThread (1376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe79000,Pid=896,Tid=2620,}, 0x0, ) == 0x0 03799 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82196, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\200\3\0\0<\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\200\3\0\0<\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82197, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\200\3\0\0<\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\200\3\0\0<\12\0\0" ) ) == 0x0 03800 2016 NtResumeThread (1376, ... 1, ) == 0x0 03801 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03802 2620 NtWaitForSingleObject (128, 0, 0x0, ... 03801 2016 NtAllocateVirtualMemory ... 339804160, 1048576, ) == 0x0 03803 2016 NtAllocateVirtualMemory (-1, 340844544, 0, 8192, 4096, 4, ... 340844544, 8192, ) == 0x0 03804 2016 NtProtectVirtualMemory (-1, (0x1450e000), 4096, 260, ... 
(0x1450e000), 4096, 4, ) == 0x0 03805 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1380, {896, 2624}, ) == 0x0 03806 2016 NtQueryInformationThread (1380, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe78000,Pid=896,Tid=2624,}, 0x0, ) == 0x0 03807 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82197, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\5\0\0\200\3\0\0@\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\5\0\0\200\3\0\0@\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82198, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\5\0\0\200\3\0\0@\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\5\0\0\200\3\0\0@\12\0\0" ) ) == 0x0 03808 2016 NtResumeThread (1380, ... 1, ) == 0x0 03809 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03810 2624 NtWaitForSingleObject (128, 0, 0x0, ... 03809 2016 NtAllocateVirtualMemory ... 340852736, 1048576, ) == 0x0 03811 2016 NtAllocateVirtualMemory (-1, 341893120, 0, 8192, 4096, 4, ... 341893120, 8192, ) == 0x0 03812 2016 NtProtectVirtualMemory (-1, (0x1460e000), 4096, 260, ... (0x1460e000), 4096, 4, ) == 0x0 03813 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1384, {896, 2628}, ) == 0x0 03814 2016 NtQueryInformationThread (1384, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe77000,Pid=896,Tid=2628,}, 0x0, ) == 0x0 03815 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82198, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\5\0\0\200\3\0\0D\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\5\0\0\200\3\0\0D\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82199, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\5\0\0\200\3\0\0D\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\5\0\0\200\3\0\0D\12\0\0" ) ) == 0x0 03816 2016 NtResumeThread (1384, ... 1, ) == 0x0 03817 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 341901312, 1048576, ) == 0x0 03818 2016 NtAllocateVirtualMemory (-1, 342941696, 0, 8192, 4096, 4, ... 342941696, 8192, ) == 0x0 03819 2628 NtWaitForSingleObject (128, 0, 0x0, ... 03820 2016 NtProtectVirtualMemory (-1, (0x1470e000), 4096, 260, ... (0x1470e000), 4096, 4, ) == 0x0 03821 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1388, {896, 2632}, ) == 0x0 03822 2016 NtQueryInformationThread (1388, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe76000,Pid=896,Tid=2632,}, 0x0, ) == 0x0 03823 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82199, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\5\0\0\200\3\0\0H\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\5\0\0\200\3\0\0H\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82200, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\5\0\0\200\3\0\0H\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\5\0\0\200\3\0\0H\12\0\0" ) ) == 0x0 03824 2016 NtResumeThread (1388, ... 1, ) == 0x0 03825 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03826 2632 NtWaitForSingleObject (128, 0, 0x0, ... 03825 2016 NtAllocateVirtualMemory ... 342949888, 1048576, ) == 0x0 03827 2016 NtAllocateVirtualMemory (-1, 343990272, 0, 8192, 4096, 4, ... 343990272, 8192, ) == 0x0 03828 2016 NtProtectVirtualMemory (-1, (0x1480e000), 4096, 260, ... (0x1480e000), 4096, 4, ) == 0x0 03829 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1392, {896, 2636}, ) == 0x0 03830 2016 NtQueryInformationThread (1392, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe75000,Pid=896,Tid=2636,}, 0x0, ) == 0x0 03831 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82200, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\5\0\0\200\3\0\0L\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\5\0\0\200\3\0\0L\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82201, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\5\0\0\200\3\0\0L\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\5\0\0\200\3\0\0L\12\0\0" ) ) == 0x0 03832 2016 NtResumeThread (1392, ... 1, ) == 0x0 03833 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 343998464, 1048576, ) == 0x0 03834 2016 NtAllocateVirtualMemory (-1, 345038848, 0, 8192, 4096, 4, ... 345038848, 8192, ) == 0x0 03835 2636 NtWaitForSingleObject (128, 0, 0x0, ... 03836 2016 NtProtectVirtualMemory (-1, (0x1490e000), 4096, 260, ... (0x1490e000), 4096, 4, ) == 0x0 03837 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1396, {896, 2640}, ) == 0x0 03838 2016 NtQueryInformationThread (1396, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe74000,Pid=896,Tid=2640,}, 0x0, ) == 0x0 03839 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82201, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\5\0\0\200\3\0\0P\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\5\0\0\200\3\0\0P\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82202, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\5\0\0\200\3\0\0P\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\5\0\0\200\3\0\0P\12\0\0" ) ) == 0x0 03840 2016 NtResumeThread (1396, ... 1, ) == 0x0 03841 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03842 2640 NtWaitForSingleObject (128, 0, 0x0, ... 
03841 2016 NtAllocateVirtualMemory ... 345047040, 1048576, ) == 0x0 03843 2016 NtAllocateVirtualMemory (-1, 346087424, 0, 8192, 4096, 4, ... 346087424, 8192, ) == 0x0 03844 2016 NtProtectVirtualMemory (-1, (0x14a0e000), 4096, 260, ... (0x14a0e000), 4096, 4, ) == 0x0 03845 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1400, {896, 2644}, ) == 0x0 03846 2016 NtQueryInformationThread (1400, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe73000,Pid=896,Tid=2644,}, 0x0, ) == 0x0 03847 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82202, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\5\0\0\200\3\0\0T\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\5\0\0\200\3\0\0T\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82203, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\5\0\0\200\3\0\0T\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\5\0\0\200\3\0\0T\12\0\0" ) ) == 0x0 03848 2016 NtResumeThread (1400, ... 1, ) == 0x0 03849 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03850 2644 NtWaitForSingleObject (128, 0, 0x0, ... 03849 2016 NtAllocateVirtualMemory ... 346095616, 1048576, ) == 0x0 03851 2016 NtAllocateVirtualMemory (-1, 347136000, 0, 8192, 4096, 4, ... 347136000, 8192, ) == 0x0 03852 2016 NtProtectVirtualMemory (-1, (0x14b0e000), 4096, 260, ... (0x14b0e000), 4096, 4, ) == 0x0 03853 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1404, {896, 2648}, ) == 0x0 03854 2016 NtQueryInformationThread (1404, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe72000,Pid=896,Tid=2648,}, 0x0, ) == 0x0 03855 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82203, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\5\0\0\200\3\0\0X\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\5\0\0\200\3\0\0X\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82204, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\5\0\0\200\3\0\0X\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\5\0\0\200\3\0\0X\12\0\0" ) ) == 0x0 03856 2016 NtResumeThread (1404, ... 1, ) == 0x0 03857 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 347144192, 1048576, ) == 0x0 03858 2016 NtAllocateVirtualMemory (-1, 348184576, 0, 8192, 4096, 4, ... 348184576, 8192, ) == 0x0 03859 2648 NtWaitForSingleObject (128, 0, 0x0, ... 03860 2016 NtProtectVirtualMemory (-1, (0x14c0e000), 4096, 260, ... (0x14c0e000), 4096, 4, ) == 0x0 03861 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1408, {896, 2652}, ) == 0x0 03862 2016 NtQueryInformationThread (1408, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe71000,Pid=896,Tid=2652,}, 0x0, ) == 0x0 03863 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82204, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\5\0\0\200\3\0\0\\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\5\0\0\200\3\0\0\\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82205, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\5\0\0\200\3\0\0\\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\5\0\0\200\3\0\0\\12\0\0" ) ) == 0x0 03864 2016 NtResumeThread (1408, ... 1, ) == 0x0 03865 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03866 2652 NtWaitForSingleObject (128, 0, 0x0, ... 03865 2016 NtAllocateVirtualMemory ... 348192768, 1048576, ) == 0x0 03867 2016 NtAllocateVirtualMemory (-1, 349233152, 0, 8192, 4096, 4, ... 349233152, 8192, ) == 0x0 03868 2016 NtProtectVirtualMemory (-1, (0x14d0e000), 4096, 260, ... 
(0x14d0e000), 4096, 4, ) == 0x0 03869 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1412, {896, 2656}, ) == 0x0 03870 2016 NtQueryInformationThread (1412, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe70000,Pid=896,Tid=2656,}, 0x0, ) == 0x0 03871 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82205, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\5\0\0\200\3\0\0`\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\5\0\0\200\3\0\0`\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82206, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\5\0\0\200\3\0\0`\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\5\0\0\200\3\0\0`\12\0\0" ) ) == 0x0 03872 2016 NtResumeThread (1412, ... 1, ) == 0x0 03873 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 349241344, 1048576, ) == 0x0 03874 2016 NtAllocateVirtualMemory (-1, 350281728, 0, 8192, 4096, 4, ... 350281728, 8192, ) == 0x0 03875 2656 NtWaitForSingleObject (128, 0, 0x0, ... 03876 2016 NtProtectVirtualMemory (-1, (0x14e0e000), 4096, 260, ... (0x14e0e000), 4096, 4, ) == 0x0 03877 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1416, {896, 2660}, ) == 0x0 03878 2016 NtQueryInformationThread (1416, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe6f000,Pid=896,Tid=2660,}, 0x0, ) == 0x0 03879 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82206, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\5\0\0\200\3\0\0d\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\5\0\0\200\3\0\0d\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82207, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\5\0\0\200\3\0\0d\12\0\0" ... 
{28, 56, reply, 0, 896, 2016, 82207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\5\0\0\200\3\0\0d\12\0\0" ) ) == 0x0 03880 2016 NtResumeThread (1416, ... 1, ) == 0x0 03881 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 350289920, 1048576, ) == 0x0 03882 2016 NtAllocateVirtualMemory (-1, 351330304, 0, 8192, 4096, 4, ... 351330304, 8192, ) == 0x0 03883 2660 NtWaitForSingleObject (128, 0, 0x0, ... 03884 2016 NtProtectVirtualMemory (-1, (0x14f0e000), 4096, 260, ... (0x14f0e000), 4096, 4, ) == 0x0 03885 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1420, {896, 2664}, ) == 0x0 03886 2016 NtQueryInformationThread (1420, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe6e000,Pid=896,Tid=2664,}, 0x0, ) == 0x0 03887 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82207, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\5\0\0\200\3\0\0h\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\5\0\0\200\3\0\0h\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82208, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\5\0\0\200\3\0\0h\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\5\0\0\200\3\0\0h\12\0\0" ) ) == 0x0 03888 2016 NtResumeThread (1420, ... 1, ) == 0x0 03889 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03890 2664 NtWaitForSingleObject (128, 0, 0x0, ... 03889 2016 NtAllocateVirtualMemory ... 351338496, 1048576, ) == 0x0 03891 2016 NtAllocateVirtualMemory (-1, 352378880, 0, 8192, 4096, 4, ... 352378880, 8192, ) == 0x0 03892 2016 NtProtectVirtualMemory (-1, (0x1500e000), 4096, 260, ... (0x1500e000), 4096, 4, ) == 0x0 03893 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1424, {896, 2668}, ) == 0x0 03894 2016 NtQueryInformationThread (1424, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe6d000,Pid=896,Tid=2668,}, 0x0, ) == 0x0 03895 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82208, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\5\0\0\200\3\0\0l\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\5\0\0\200\3\0\0l\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82209, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\5\0\0\200\3\0\0l\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\5\0\0\200\3\0\0l\12\0\0" ) ) == 0x0 03896 2016 NtResumeThread (1424, ... 1, ) == 0x0 03897 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 352387072, 1048576, ) == 0x0 03898 2016 NtAllocateVirtualMemory (-1, 353427456, 0, 8192, 4096, 4, ... 353427456, 8192, ) == 0x0 03899 2668 NtWaitForSingleObject (128, 0, 0x0, ... 03900 2016 NtProtectVirtualMemory (-1, (0x1510e000), 4096, 260, ... (0x1510e000), 4096, 4, ) == 0x0 03901 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1428, {896, 2672}, ) == 0x0 03902 2016 NtQueryInformationThread (1428, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe6c000,Pid=896,Tid=2672,}, 0x0, ) == 0x0 03903 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82209, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\5\0\0\200\3\0\0p\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\5\0\0\200\3\0\0p\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82210, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\5\0\0\200\3\0\0p\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\5\0\0\200\3\0\0p\12\0\0" ) ) == 0x0 03904 2016 NtResumeThread (1428, ... 1, ) == 0x0 03905 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03906 2672 NtWaitForSingleObject (128, 0, 0x0, ... 
03905 2016 NtAllocateVirtualMemory ... 353435648, 1048576, ) == 0x0 03907 2016 NtAllocateVirtualMemory (-1, 354476032, 0, 8192, 4096, 4, ... 354476032, 8192, ) == 0x0 03908 2016 NtProtectVirtualMemory (-1, (0x1520e000), 4096, 260, ... (0x1520e000), 4096, 4, ) == 0x0 03909 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1432, {896, 2676}, ) == 0x0 03910 2016 NtQueryInformationThread (1432, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe6b000,Pid=896,Tid=2676,}, 0x0, ) == 0x0 03911 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82210, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\5\0\0\200\3\0\0t\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\5\0\0\200\3\0\0t\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82211, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\5\0\0\200\3\0\0t\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\5\0\0\200\3\0\0t\12\0\0" ) ) == 0x0 03912 2016 NtResumeThread (1432, ... 1, ) == 0x0 03913 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03914 2676 NtWaitForSingleObject (128, 0, 0x0, ... 03913 2016 NtAllocateVirtualMemory ... 354484224, 1048576, ) == 0x0 03915 2016 NtAllocateVirtualMemory (-1, 355524608, 0, 8192, 4096, 4, ... 355524608, 8192, ) == 0x0 03916 2016 NtProtectVirtualMemory (-1, (0x1530e000), 4096, 260, ... (0x1530e000), 4096, 4, ) == 0x0 03917 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03918 1716 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll"}, ... }, ... 03917 2016 NtCreateThread ... 1436, {896, 2680}, ) == 0x0 03919 2016 NtQueryInformationThread (1436, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe6a000,Pid=896,Tid=2680,}, 0x0, ) == 0x0 03920 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82211, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\5\0\0\200\3\0\0x\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\5\0\0\200\3\0\0x\12\0\0" ) ... {28, 56, reply, 0, 896, 2016, 82220, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\5\0\0\200\3\0\0x\12\0\0" ... {28, 56, reply, 0, 896, 2016, 82220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\5\0\0\200\3\0\0x\12\0\0" ) ) == 0x0 03921 2016 NtResumeThread (1436, ... 1, ) == 0x0 03922 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03918 1716 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 03923 2680 NtWaitForSingleObject (128, 0, 0x0, ... 03924 1716 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 03925 1716 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 03926 1716 NtSetEventBoostPriority (128, ... 01284 1440 NtWaitForSingleObject ... ) == 0x0 03927 1440 NtSetEventBoostPriority (128, ... 01299 1664 NtWaitForSingleObject ... ) == 0x0 03928 1664 NtSetEventBoostPriority (128, ... 01305 1972 NtWaitForSingleObject ... ) == 0x0 03929 1972 NtSetEventBoostPriority (128, ... 01315 1036 NtWaitForSingleObject ... ) == 0x0 03930 1036 NtSetEventBoostPriority (128, ... 01321 1248 NtWaitForSingleObject ... ) == 0x0 03931 1248 NtSetEventBoostPriority (128, ... 01331 1656 NtWaitForSingleObject ... ) == 0x0 03932 1656 NtSetEventBoostPriority (128, ... 01337 760 NtWaitForSingleObject ... ) == 0x0 03933 760 NtSetEventBoostPriority (128, ... 
01347 484 NtWaitForSingleObject ... ) == 0x0 03934 484 NtSetEventBoostPriority (128, ... 01353 1580 NtWaitForSingleObject ... ) == 0x0 03935 1580 NtSetEventBoostPriority (128, ... 01362 1756 NtWaitForSingleObject ... ) == 0x0 03936 1756 NtSetEventBoostPriority (128, ... 01369 1304 NtWaitForSingleObject ... ) == 0x0 03937 1304 NtSetEventBoostPriority (128, ... 01378 1292 NtWaitForSingleObject ... ) == 0x0 03938 1292 NtSetEventBoostPriority (128, ... 01385 540 NtWaitForSingleObject ... ) == 0x0 03939 540 NtSetEventBoostPriority (128, ... 01394 1956 NtWaitForSingleObject ... ) == 0x0 03940 1956 NtSetEventBoostPriority (128, ... 01401 1980 NtWaitForSingleObject ... ) == 0x0 03941 1980 NtSetEventBoostPriority (128, ... 01410 1556 NtWaitForSingleObject ... ) == 0x0 03942 1556 NtSetEventBoostPriority (128, ... 01417 1480 NtWaitForSingleObject ... ) == 0x0 03943 1480 NtSetEventBoostPriority (128, ... 01426 1784 NtWaitForSingleObject ... ) == 0x0 03944 1784 NtSetEventBoostPriority (128, ... 01433 460 NtWaitForSingleObject ... ) == 0x0 03945 460 NtSetEventBoostPriority (128, ... 01442 1068 NtWaitForSingleObject ... ) == 0x0 03946 1068 NtSetEventBoostPriority (128, ... 01450 1856 NtWaitForSingleObject ... ) == 0x0 03947 1856 NtSetEventBoostPriority (128, ... 01457 1572 NtWaitForSingleObject ... ) == 0x0 03948 1572 NtSetEventBoostPriority (128, ... 01466 1604 NtWaitForSingleObject ... ) == 0x0 03949 1604 NtSetEventBoostPriority (128, ... 01474 1596 NtWaitForSingleObject ... ) == 0x0 03950 1596 NtSetEventBoostPriority (128, ... 01481 1272 NtWaitForSingleObject ... ) == 0x0 03951 1272 NtSetEventBoostPriority (128, ... 01490 1132 NtWaitForSingleObject ... ) == 0x0 03952 1132 NtAllocateVirtualMemory (-1, 3624960, 0, 4096, 4096, 4, ... 3624960, 4096, ) == 0x0 03951 1272 NtSetEventBoostPriority ... ) == 0x0 03950 1596 NtSetEventBoostPriority ... ) == 0x0 03949 1604 NtSetEventBoostPriority ... ) == 0x0 03948 1572 NtSetEventBoostPriority ... 
) == 0x0 03947 1856 NtSetEventBoostPriority ... ) == 0x0 03946 1068 NtSetEventBoostPriority ... ) == 0x0 03945 460 NtSetEventBoostPriority ... ) == 0x0 03944 1784 NtSetEventBoostPriority ... ) == 0x0 03943 1480 NtSetEventBoostPriority ... ) == 0x0 03942 1556 NtSetEventBoostPriority ... ) == 0x0 03941 1980 NtSetEventBoostPriority ... ) == 0x0 03940 1956 NtSetEventBoostPriority ... ) == 0x0 03939 540 NtSetEventBoostPriority ... ) == 0x0 03938 1292 NtSetEventBoostPriority ... ) == 0x0 03937 1304 NtSetEventBoostPriority ... ) == 0x0 03935 1580 NtSetEventBoostPriority ... ) == 0x0 03934 484 NtSetEventBoostPriority ... ) == 0x0 03933 760 NtSetEventBoostPriority ... ) == 0x0 03932 1656 NtSetEventBoostPriority ... ) == 0x0 03931 1248 NtSetEventBoostPriority ... ) == 0x0 03930 1036 NtSetEventBoostPriority ... ) == 0x0 03929 1972 NtSetEventBoostPriority ... ) == 0x0 03928 1664 NtSetEventBoostPriority ... ) == 0x0 03927 1440 NtSetEventBoostPriority ... ) == 0x0 03936 1756 NtSetEventBoostPriority ... ) == 0x0 03926 1716 NtSetEventBoostPriority ... ) == 0x0 03922 2016 NtAllocateVirtualMemory ... 355532800, 1048576, ) == 0x0 03953 1132 NtSetEventBoostPriority (128, ... 03954 1272 NtTestAlert (... 03955 1596 NtTestAlert (... 03956 1604 NtTestAlert (... 03957 1572 NtTestAlert (... 03958 1856 NtTestAlert (... 03959 1068 NtTestAlert (... 03960 460 NtTestAlert (... 03961 1784 NtTestAlert (... 03962 1480 NtTestAlert (... 03963 1556 NtTestAlert (... 03964 1980 NtTestAlert (... 03965 1956 NtTestAlert (... 03966 540 NtTestAlert (... 03967 1292 NtTestAlert (... 03968 1304 NtTestAlert (... 03969 1580 NtTestAlert (... 03970 484 NtTestAlert (... 03971 760 NtTestAlert (... 03972 1656 NtTestAlert (... 03973 1248 NtTestAlert (... 03974 1036 NtTestAlert (... 03975 1972 NtTestAlert (... 03976 1664 NtTestAlert (... 03977 1440 NtTestAlert (... 03978 1716 NtWaitForSingleObject (128, 0, 0x0, ... 03979 2016 NtAllocateVirtualMemory (-1, 356573184, 0, 8192, 4096, 4, ... 
01497 948 NtWaitForSingleObject ... ) == 0x0 03953 1132 NtSetEventBoostPriority ... ) == 0x0 03954 1272 NtTestAlert ... ) == 0x0 03955 1596 NtTestAlert ... ) == 0x0 03956 1604 NtTestAlert ... ) == 0x0 03957 1572 NtTestAlert ... ) == 0x0 03958 1856 NtTestAlert ... ) == 0x0 03959 1068 NtTestAlert ... ) == 0x0 03960 460 NtTestAlert ... ) == 0x0 03961 1784 NtTestAlert ... ) == 0x0 03962 1480 NtTestAlert ... ) == 0x0 03963 1556 NtTestAlert ... ) == 0x0 03964 1980 NtTestAlert ... ) == 0x0 03965 1956 NtTestAlert ... ) == 0x0 03966 540 NtTestAlert ... ) == 0x0 03967 1292 NtTestAlert ... ) == 0x0 03968 1304 NtTestAlert ... ) == 0x0 03969 1580 NtTestAlert ... ) == 0x0 03970 484 NtTestAlert ... ) == 0x0 03971 760 NtTestAlert ... ) == 0x0 03972 1656 NtTestAlert ... ) == 0x0 03973 1248 NtTestAlert ... ) == 0x0 03974 1036 NtTestAlert ... ) == 0x0 03975 1972 NtTestAlert ... ) == 0x0 03976 1664 NtTestAlert ... ) == 0x0 03977 1440 NtTestAlert ... ) == 0x0 03980 948 NtSetEventBoostPriority (128, ... 03979 2016 NtAllocateVirtualMemory ... 356573184, 8192, ) == 0x0 03981 1132 NtTestAlert (... 03982 1272 NtContinue (37813552, 1, ... 03983 1596 NtContinue (36764976, 1, ... 03984 1604 NtContinue (35716400, 1, ... 03985 1572 NtContinue (34667824, 1, ... 03986 1856 NtContinue (33619248, 1, ... 03987 1068 NtContinue (32570672, 1, ... 03988 460 NtContinue (31522096, 1, ... 03989 1784 NtContinue (30473520, 1, ... 03990 1480 NtContinue (29424944, 1, ... 03991 1556 NtContinue (28376368, 1, ... 03992 1980 NtContinue (27327792, 1, ... 03993 1956 NtContinue (26279216, 1, ... 03994 540 NtContinue (25230640, 1, ... 03995 1292 NtContinue (24182064, 1, ... 03996 1304 NtContinue (23133488, 1, ... 03997 1580 NtContinue (21036336, 1, ... 03998 484 NtContinue (19987760, 1, ... 03999 760 NtContinue (18939184, 1, ... 04000 1656 NtContinue (17890608, 1, ... 04001 1248 NtContinue (16842032, 1, ... 04002 1036 NtContinue (15793456, 1, ... 04003 1972 NtContinue (14744880, 1, ... 
04004 1664 NtContinue (13696304, 1, ... 01507 1064 NtWaitForSingleObject ... ) == 0x0 03980 948 NtSetEventBoostPriority ... ) == 0x0 04005 1440 NtContinue (12647728, 1, ... 04006 2016 NtProtectVirtualMemory (-1, (0x1540e000), 4096, 260, ... 03981 1132 NtTestAlert ... ) == 0x0 04007 1756 NtTestAlert (... 04008 1596 NtRegisterThreadTerminatePort (24, ... 04009 1604 NtRegisterThreadTerminatePort (24, ... 04010 1572 NtRegisterThreadTerminatePort (24, ... 04011 1856 NtRegisterThreadTerminatePort (24, ... 04012 1068 NtRegisterThreadTerminatePort (24, ... 04013 460 NtRegisterThreadTerminatePort (24, ... 04014 1784 NtRegisterThreadTerminatePort (24, ... 04015 1480 NtRegisterThreadTerminatePort (24, ... 04016 1556 NtRegisterThreadTerminatePort (24, ... 04017 1980 NtRegisterThreadTerminatePort (24, ... 04018 1956 NtRegisterThreadTerminatePort (24, ... 04019 540 NtRegisterThreadTerminatePort (24, ... 04020 1292 NtRegisterThreadTerminatePort (24, ... 04021 1304 NtRegisterThreadTerminatePort (24, ... 04022 1580 NtRegisterThreadTerminatePort (24, ... 04023 484 NtRegisterThreadTerminatePort (24, ... 04024 760 NtRegisterThreadTerminatePort (24, ... 04025 1656 NtRegisterThreadTerminatePort (24, ... 04026 1248 NtRegisterThreadTerminatePort (24, ... 04027 1036 NtRegisterThreadTerminatePort (24, ... 04028 1972 NtRegisterThreadTerminatePort (24, ... 04029 1064 NtSetEventBoostPriority (128, ... 04030 1664 NtRegisterThreadTerminatePort (24, ... 04031 1272 NtRegisterThreadTerminatePort (24, ... 04032 1440 NtRegisterThreadTerminatePort (24, ... 04006 2016 NtProtectVirtualMemory ... (0x1540e000), 4096, 4, ) == 0x0 04033 1132 NtContinue (38862128, 1, ... 04007 1756 NtTestAlert ... ) == 0x0 04008 1596 NtRegisterThreadTerminatePort ... ) == 0x0 04009 1604 NtRegisterThreadTerminatePort ... ) == 0x0 04010 1572 NtRegisterThreadTerminatePort ... ) == 0x0 04011 1856 NtRegisterThreadTerminatePort ... ) == 0x0 04012 1068 NtRegisterThreadTerminatePort ... 
) == 0x0 04013 460 NtRegisterThreadTerminatePort ... ) == 0x0 04014 1784 NtRegisterThreadTerminatePort ... ) == 0x0 04015 1480 NtRegisterThreadTerminatePort ... ) == 0x0 04016 1556 NtRegisterThreadTerminatePort ... ) == 0x0 04017 1980 NtRegisterThreadTerminatePort ... ) == 0x0 04018 1956 NtRegisterThreadTerminatePort ... ) == 0x0 04019 540 NtRegisterThreadTerminatePort ... ) == 0x0 04020 1292 NtRegisterThreadTerminatePort ... ) == 0x0 04021 1304 NtRegisterThreadTerminatePort ... ) == 0x0 04022 1580 NtRegisterThreadTerminatePort ... ) == 0x0 04023 484 NtRegisterThreadTerminatePort ... ) == 0x0 04024 760 NtRegisterThreadTerminatePort ... ) == 0x0 04025 1656 NtRegisterThreadTerminatePort ... ) == 0x0 04026 1248 NtRegisterThreadTerminatePort ... ) == 0x0 04027 1036 NtRegisterThreadTerminatePort ... ) == 0x0 01513 184 NtWaitForSingleObject ... ) == 0x0 04029 1064 NtSetEventBoostPriority ... ) == 0x0 04028 1972 NtRegisterThreadTerminatePort ... ) == 0x0 04030 1664 NtRegisterThreadTerminatePort ... ) == 0x0 04031 1272 NtRegisterThreadTerminatePort ... ) == 0x0 04032 1440 NtRegisterThreadTerminatePort ... ) == 0x0 04034 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 04035 1132 NtRegisterThreadTerminatePort (24, ... 04036 1756 NtContinue (22084912, 1, ... 04037 1596 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04038 1604 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04039 1572 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04040 1856 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04041 1068 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04042 460 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04043 1784 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04044 1480 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04045 1556 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04046 1980 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04047 1956 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04048 540 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
04049 1292 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04050 1304 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04051 1580 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04052 484 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04053 760 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04054 1656 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04055 1248 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04056 184 NtSetEventBoostPriority (128, ... 04057 1036 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04058 948 NtTestAlert (... 04059 1972 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04060 1664 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04061 1272 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04062 1440 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04063 1064 NtTestAlert (... 04034 2016 NtCreateThread ... 1440, {896, 2704}, ) == 0x0 04064 1756 NtRegisterThreadTerminatePort (24, ... 04035 1132 NtRegisterThreadTerminatePort ... ) == 0x0 04037 1596 NtDuplicateObject ... 1444, ) == 0x0 04038 1604 NtDuplicateObject ... 1448, ) == 0x0 04039 1572 NtDuplicateObject ... 1452, ) == 0x0 04040 1856 NtDuplicateObject ... 1456, ) == 0x0 04041 1068 NtDuplicateObject ... 1460, ) == 0x0 04042 460 NtDuplicateObject ... 1464, ) == 0x0 04043 1784 NtDuplicateObject ... 1468, ) == 0x0 04044 1480 NtDuplicateObject ... 1472, ) == 0x0 04045 1556 NtDuplicateObject ... 1476, ) == 0x0 04046 1980 NtDuplicateObject ... 1480, ) == 0x0 04047 1956 NtDuplicateObject ... 1484, ) == 0x0 04048 540 NtDuplicateObject ... 1488, ) == 0x0 04049 1292 NtDuplicateObject ... 1492, ) == 0x0 04050 1304 NtDuplicateObject ... 1496, ) == 0x0 04051 1580 NtDuplicateObject ... 1500, ) == 0x0 04052 484 NtDuplicateObject ... 1504, ) == 0x0 04053 760 NtDuplicateObject ... 1508, ) == 0x0 04054 1656 NtDuplicateObject ... 1512, ) == 0x0 01523 284 NtWaitForSingleObject ... ) == 0x0 04056 184 NtSetEventBoostPriority ... ) == 0x0 04055 1248 NtDuplicateObject ... 1516, ) == 0x0 04058 948 NtTestAlert ... 
) == 0x0 04057 1036 NtDuplicateObject ... 1520, ) == 0x0 04059 1972 NtDuplicateObject ... 1524, ) == 0x0 04061 1272 NtDuplicateObject ... 1528, ) == 0x0 04060 1664 NtDuplicateObject ... 1532, ) == 0x0 04063 1064 NtTestAlert ... ) == 0x0 04065 2016 NtQueryInformationThread (1440, Basic, 28, ... 04064 1756 NtRegisterThreadTerminatePort ... ) == 0x0 04066 1132 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04067 1596 NtWaitForSingleObject (104, 0, {0, 0}, ... 04068 1604 NtWaitForSingleObject (104, 0, {0, 0}, ... 04069 1572 NtWaitForSingleObject (104, 0, {0, 0}, ... 04070 1856 NtWaitForSingleObject (104, 0, {0, 0}, ... 04071 1068 NtWaitForSingleObject (104, 0, {0, 0}, ... 04072 460 NtWaitForSingleObject (104, 0, {0, 0}, ... 04073 1784 NtWaitForSingleObject (104, 0, {0, 0}, ... 04074 1480 NtWaitForSingleObject (104, 0, {0, 0}, ... 04075 1556 NtWaitForSingleObject (104, 0, {0, 0}, ... 04076 1980 NtWaitForSingleObject (104, 0, {0, 0}, ... 04077 1956 NtWaitForSingleObject (104, 0, {0, 0}, ... 04078 540 NtWaitForSingleObject (104, 0, {0, 0}, ... 04079 1292 NtWaitForSingleObject (104, 0, {0, 0}, ... 04080 1304 NtWaitForSingleObject (104, 0, {0, 0}, ... 04081 1580 NtWaitForSingleObject (104, 0, {0, 0}, ... 04082 484 NtWaitForSingleObject (104, 0, {0, 0}, ... 04083 760 NtWaitForSingleObject (104, 0, {0, 0}, ... 04084 284 NtSetEventBoostPriority (128, ... 04085 1656 NtWaitForSingleObject (104, 0, {0, 0}, ... 04062 1440 NtDuplicateObject ... 1536, ) == 0x0 04086 1248 NtWaitForSingleObject (104, 0, {0, 0}, ... 04087 948 NtContinue (39910704, 1, ... 04088 1036 NtWaitForSingleObject (104, 0, {0, 0}, ... 04089 1972 NtWaitForSingleObject (104, 0, {0, 0}, ... 04090 1272 NtWaitForSingleObject (104, 0, {0, 0}, ... 04091 1664 NtWaitForSingleObject (104, 0, {0, 0}, ... 04092 1064 NtContinue (40959280, 1, ... 04065 2016 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe69000,Pid=896,Tid=2704,}, 0x0, ) == 0x0 04093 1756 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
04066 1132 NtDuplicateObject ... 1540, ) == 0x0 04067 1596 NtWaitForSingleObject ... ) == 0x102 04068 1604 NtWaitForSingleObject ... ) == 0x102 04069 1572 NtWaitForSingleObject ... ) == 0x102 04070 1856 NtWaitForSingleObject ... ) == 0x102 04071 1068 NtWaitForSingleObject ... ) == 0x102 04072 460 NtWaitForSingleObject ... ) == 0x102 04073 1784 NtWaitForSingleObject ... ) == 0x102 04074 1480 NtWaitForSingleObject ... ) == 0x102 04075 1556 NtWaitForSingleObject ... ) == 0x102 04076 1980 NtWaitForSingleObject ... ) == 0x102 04077 1956 NtWaitForSingleObject ... ) == 0x102 04078 540 NtWaitForSingleObject ... ) == 0x102 04079 1292 NtWaitForSingleObject ... ) == 0x102 04080 1304 NtWaitForSingleObject ... ) == 0x102 04081 1580 NtWaitForSingleObject ... ) == 0x102 04082 484 NtWaitForSingleObject ... ) == 0x102 01529 188 NtWaitForSingleObject ... ) == 0x0 04084 284 NtSetEventBoostPriority ... ) == 0x0 04083 760 NtWaitForSingleObject ... ) == 0x102 04085 1656 NtWaitForSingleObject ... ) == 0x102 04094 1440 NtWaitForSingleObject (104, 0, {0, 0}, ... 04086 1248 NtWaitForSingleObject ... ) == 0x102 04095 948 NtRegisterThreadTerminatePort (24, ... 04088 1036 NtWaitForSingleObject ... ) == 0x102 04089 1972 NtWaitForSingleObject ... ) == 0x102 04091 1664 NtWaitForSingleObject ... ) == 0x102 04096 1064 NtRegisterThreadTerminatePort (24, ... 04097 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82220, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\5\0\0\200\3\0\0\220\12\0\0" ... ... 04098 184 NtTestAlert (... 04090 1272 NtWaitForSingleObject ... ) == 0x102 04099 1132 NtWaitForSingleObject (104, 0, {0, 0}, ... 04100 1596 NtAllocateVirtualMemory (-1, 36753408, 0, 4096, 4096, 260, ... 04101 1604 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04102 1572 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04103 1856 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04104 1068 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04105 460 NtCreateEvent (0x100003, 0x0, 1, 0, ... 
04106 1784 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04107 1480 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04108 1556 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04109 1980 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04110 1956 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04111 540 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04112 1292 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04113 1304 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04114 1580 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04115 188 NtSetEventBoostPriority (128, ... 04116 484 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04093 1756 NtDuplicateObject ... 1544, ) == 0x0 04117 760 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04118 1656 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04119 1248 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04095 948 NtRegisterThreadTerminatePort ... ) == 0x0 04120 1036 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04121 1972 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04122 1664 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04096 1064 NtRegisterThreadTerminatePort ... ) == 0x0 04097 2016 NtRequestWaitReplyPort ... {28, 56, reply, 0, 896, 2016, 82228, 0} ... {28, 56, reply, 0, 896, 2016, 82228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\5\0\0\200\3\0\0\220\12\0\0" ) ) == 0x0 04098 184 NtTestAlert ... ) == 0x0 04123 1272 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04099 1132 NtWaitForSingleObject ... ) == 0x102 04100 1596 NtAllocateVirtualMemory ... 36753408, 4096, ) == 0x0 04101 1604 NtCreateEvent ... 1548, ) == 0x0 04102 1572 NtCreateEvent ... 1552, ) == 0x0 04103 1856 NtCreateEvent ... 1556, ) == 0x0 04104 1068 NtCreateEvent ... 1560, ) == 0x0 04105 460 NtCreateEvent ... 1564, ) == 0x0 04106 1784 NtCreateEvent ... 1568, ) == 0x0 04107 1480 NtCreateEvent ... 1572, ) == 0x0 04108 1556 NtCreateEvent ... 1576, ) == 0x0 04109 1980 NtCreateEvent ... 1580, ) == 0x0 04110 1956 NtCreateEvent ... 1584, ) == 0x0 04111 540 NtCreateEvent ... 1588, ) == 0x0 04112 1292 NtCreateEvent ... 1592, ) == 0x0 04113 1304 NtCreateEvent ... 
1596, ) == 0x0 01539 1384 NtWaitForSingleObject ... ) == 0x0 04115 188 NtSetEventBoostPriority ... ) == 0x0 04114 1580 NtCreateEvent ... 1600, ) == 0x0 04116 484 NtCreateEvent ... 1604, ) == 0x0 04124 1756 NtWaitForSingleObject (104, 0, {0, 0}, ... 04117 760 NtCreateEvent ... 1608, ) == 0x0 04118 1656 NtCreateEvent ... 1612, ) == 0x0 04119 1248 NtCreateEvent ... 1616, ) == 0x0 04125 948 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04120 1036 NtCreateEvent ... 1620, ) == 0x0 04121 1972 NtCreateEvent ... 1624, ) == 0x0 04122 1664 NtCreateEvent ... 1628, ) == 0x0 04126 1064 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04127 284 NtTestAlert (... 04094 1440 NtWaitForSingleObject ... ) == 0x102 04128 184 NtContinue (42007856, 1, ... 04123 1272 NtCreateEvent ... 1632, ) == 0x0 04129 2016 NtResumeThread (1440, ... 04130 1132 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04131 1596 NtWaitForSingleObject (128, 0, 0x0, ... 04132 1604 NtWaitForSingleObject (1548, 0, 0x0, ... 04133 1572 NtClose (1552, ... 04134 1856 NtClose (1556, ... 04135 1068 NtClose (1560, ... 04136 460 NtClose (1564, ... 04137 1784 NtClose (1568, ... 04138 1480 NtClose (1572, ... 04139 1556 NtClose (1576, ... 04140 1980 NtClose (1580, ... 04141 1956 NtClose (1584, ... 04142 540 NtClose (1588, ... 04143 1292 NtClose (1592, ... 04144 1384 NtSetEventBoostPriority (128, ... 04145 1304 NtClose (1596, ... 04146 188 NtTestAlert (... 04147 1580 NtClose (1600, ... 04124 1756 NtWaitForSingleObject ... ) == 0x102 04148 484 NtClose (1604, ... 04149 760 NtClose (1608, ... 04150 1656 NtClose (1612, ... 04151 1248 NtClose (1616, ... 04125 948 NtDuplicateObject ... 1636, ) == 0x0 04152 1036 NtClose (1620, ... 04153 1972 NtClose (1624, ... 04154 1664 NtClose (1628, ... 04127 284 NtTestAlert ... ) == 0x0 04155 1440 NtWaitForSingleObject (1548, 0, 0x0, ... 04156 184 NtRegisterThreadTerminatePort (24, ... 04157 1272 NtClose (1632, ... 04129 2016 NtResumeThread ... 1, ) == 0x0 04130 1132 NtCreateEvent ... 
1640, ) == 0x0 04133 1572 NtClose ... ) == 0x0 04134 1856 NtClose ... ) == 0x0 04135 1068 NtClose ... ) == 0x0 04136 460 NtClose ... ) == 0x0 04137 1784 NtClose ... ) == 0x0 04138 1480 NtClose ... ) == 0x0 04139 1556 NtClose ... ) == 0x0 04140 1980 NtClose ... ) == 0x0 04141 1956 NtClose ... ) == 0x0 04142 540 NtClose ... ) == 0x0 01545 1240 NtWaitForSingleObject ... ) == 0x0 04144 1384 NtSetEventBoostPriority ... ) == 0x0 04143 1292 NtClose ... ) == 0x0 04145 1304 NtClose ... ) == 0x0 04146 188 NtTestAlert ... ) == 0x0 04147 1580 NtClose ... ) == 0x0 04158 1756 NtWaitForSingleObject (1548, 0, 0x0, ... 04148 484 NtClose ... ) == 0x0 04149 760 NtClose ... ) == 0x0 04150 1656 NtClose ... ) == 0x0 04151 1248 NtClose ... ) == 0x0 04159 948 NtWaitForSingleObject (104, 0, {0, 0}, ... 04126 1064 NtDuplicateObject ... 1616, ) == 0x0 04160 2704 NtWaitForSingleObject (128, 0, 0x0, ... 04152 1036 NtClose ... ) == 0x0 04153 1972 NtClose ... ) == 0x0 04154 1664 NtClose ... ) == 0x0 04161 284 NtContinue (43056432, 1, ... 04156 184 NtRegisterThreadTerminatePort ... ) == 0x0 04157 1272 NtClose ... ) == 0x0 04162 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 04163 1132 NtClose (1640, ... 04164 1572 NtWaitForSingleObject (1548, 0, 0x0, ... 04165 1856 NtWaitForSingleObject (1548, 0, 0x0, ... 04166 1068 NtWaitForSingleObject (1548, 0, 0x0, ... 04167 460 NtWaitForSingleObject (1548, 0, 0x0, ... 04168 1784 NtWaitForSingleObject (1548, 0, 0x0, ... 04169 1480 NtWaitForSingleObject (1548, 0, 0x0, ... 04170 1556 NtWaitForSingleObject (1548, 0, 0x0, ... 04171 1980 NtWaitForSingleObject (1548, 0, 0x0, ... 04172 1956 NtWaitForSingleObject (1548, 0, 0x0, ... 04173 1240 NtSetEventBoostPriority (128, ... 04174 540 NtWaitForSingleObject (1548, 0, 0x0, ... 04175 1292 NtWaitForSingleObject (1548, 0, 0x0, ... 04176 1304 NtWaitForSingleObject (1548, 0, 0x0, ... 04177 188 NtContinue (44105008, 1, ... 04178 1580 NtWaitForSingleObject (1548, 0, 0x0, ... 
04179 484 NtWaitForSingleObject (1548, 0, 0x0, ... 04180 760 NtWaitForSingleObject (1548, 0, 0x0, ... 04181 1656 NtWaitForSingleObject (1548, 0, 0x0, ... 04182 1248 NtWaitForSingleObject (1548, 0, 0x0, ... 04159 948 NtWaitForSingleObject ... ) == 0x102 04183 1064 NtWaitForSingleObject (104, 0, {0, 0}, ... 04184 1036 NtWaitForSingleObject (1548, 0, 0x0, ... 04185 1972 NtWaitForSingleObject (1548, 0, 0x0, ... 04186 1664 NtWaitForSingleObject (1548, 0, 0x0, ... 04187 284 NtRegisterThreadTerminatePort (24, ... 04188 184 NtAllocateVirtualMemory (-1, 1376256, 0, 4096, 4096, 4, ... 04189 1272 NtWaitForSingleObject (1548, 0, 0x0, ... 04162 2016 NtAllocateVirtualMemory ... 356581376, 1048576, ) == 0x0 04163 1132 NtClose ... ) == 0x0 01554 296 NtWaitForSingleObject ... ) == 0x0 04173 1240 NtSetEventBoostPriority ... ) == 0x0 04190 188 NtRegisterThreadTerminatePort (24, ... 04191 948 NtWaitForSingleObject (1548, 0, 0x0, ... 04183 1064 NtWaitForSingleObject ... ) == 0x102 04187 284 NtRegisterThreadTerminatePort ... ) == 0x0 04192 1384 NtTestAlert (... 04188 184 NtAllocateVirtualMemory ... 1376256, 4096, ) == 0x0 04193 2016 NtAllocateVirtualMemory (-1, 357621760, 0, 8192, 4096, 4, ... 04194 296 NtSetEventBoostPriority (128, ... 04195 1132 NtWaitForSingleObject (1548, 0, 0x0, ... 04190 188 NtRegisterThreadTerminatePort ... ) == 0x0 04196 1064 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04197 284 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04192 1384 NtTestAlert ... ) == 0x0 04198 184 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01561 740 NtWaitForSingleObject ... ) == 0x0 04193 2016 NtAllocateVirtualMemory ... 357621760, 8192, ) == 0x0 04199 188 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04196 1064 NtCreateEvent ... 1640, ) == 0x0 04194 296 NtSetEventBoostPriority ... ) == 0x0 04200 1240 NtTestAlert (... 04201 1384 NtContinue (45153584, 1, ... 04198 184 NtCreateEvent ... 1632, ) == 0x0 04202 740 NtSetEventBoostPriority (128, ... 04197 284 NtCreateEvent ... 
1628, ) == 0x0 04203 2016 NtProtectVirtualMemory (-1, (0x1550e000), 4096, 260, ... 04199 188 NtCreateEvent ... 1624, ) == 0x0 04204 1064 NtWaitForSingleObject (1640, 0, 0x0, ... 04200 1240 NtTestAlert ... ) == 0x0 04205 1384 NtRegisterThreadTerminatePort (24, ... 04206 184 NtClose (1632, ... 01570 120 NtWaitForSingleObject ... ) == 0x0 04202 740 NtSetEventBoostPriority ... ) == 0x0 04207 284 NtClose (1628, ... 04203 2016 NtProtectVirtualMemory ... (0x1550e000), 4096, 4, ) == 0x0 04208 188 NtClose (1624, ... 04209 1240 NtContinue (46202160, 1, ... 04205 1384 NtRegisterThreadTerminatePort ... ) == 0x0 04210 120 NtSetEventBoostPriority (128, ... 04206 184 NtClose ... ) == 0x0 04211 296 NtTestAlert (... 04207 284 NtClose ... ) == 0x0 04212 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 04208 188 NtClose ... ) == 0x0 04213 1240 NtRegisterThreadTerminatePort (24, ... 01577 1356 NtWaitForSingleObject ... ) == 0x0 04210 120 NtSetEventBoostPriority ... ) == 0x0 04214 1384 NtWaitForSingleObject (1640, 0, 0x0, ... 04215 184 NtSetEventBoostPriority (1640, ... 04211 296 NtTestAlert ... ) == 0x0 04216 284 NtWaitForSingleObject (1640, 0, 0x0, ... 04212 2016 NtCreateThread ... 1624, {896, 2736}, ) == 0x0 04217 188 NtWaitForSingleObject (1640, 0, 0x0, ... 04218 1356 NtSetEventBoostPriority (128, ... 04213 1240 NtRegisterThreadTerminatePort ... ) == 0x0 04219 740 NtTestAlert (... 04220 120 NtTestAlert (... 04221 296 NtContinue (47250736, 1, ... 04222 2016 NtQueryInformationThread (1624, Basic, 28, ... 01586 1796 NtWaitForSingleObject ... ) == 0x0 04218 1356 NtSetEventBoostPriority ... ) == 0x0 04223 1240 NtWaitForSingleObject (1640, 0, 0x0, ... 04219 740 NtTestAlert ... ) == 0x0 04220 120 NtTestAlert ... ) == 0x0 04224 296 NtRegisterThreadTerminatePort (24, ... 04225 1796 NtSetEventBoostPriority (128, ... 04222 2016 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe68000,Pid=896,Tid=2736,}, 0x0, ) == 0x0 04204 1064 NtWaitForSingleObject ... 
) == 0x0 04215 184 NtSetEventBoostPriority ... ) == 0x0 04226 1356 NtTestAlert (... 04227 740 NtContinue (48299312, 1, ... 04228 120 NtContinue (49347888, 1, ... 01593 712 NtWaitForSingleObject ... ) == 0x0 04225 1796 NtSetEventBoostPriority ... ) == 0x0 04224 296 NtRegisterThreadTerminatePort ... ) == 0x0 04229 1064 NtSetEventBoostPriority (1640, ... 04230 184 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04226 1356 NtTestAlert ... ) == 0x0 04231 740 NtRegisterThreadTerminatePort (24, ... 04232 712 NtSetEventBoostPriority (128, ... 04233 120 NtRegisterThreadTerminatePort (24, ... 04234 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82228, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\6\0\0\200\3\0\0\260\12\0\0" ... ... 04235 296 NtWaitForSingleObject (1640, 0, 0x0, ... 04214 1384 NtWaitForSingleObject ... ) == 0x0 04229 1064 NtSetEventBoostPriority ... ) == 0x0 04230 184 NtDuplicateObject ... 1628, ) == 0x0 04236 1356 NtContinue (50396464, 1, ... 01602 1728 NtWaitForSingleObject ... ) == 0x0 04232 712 NtSetEventBoostPriority ... ) == 0x0 04231 740 NtRegisterThreadTerminatePort ... ) == 0x0 04233 120 NtRegisterThreadTerminatePort ... ) == 0x0 04234 2016 NtRequestWaitReplyPort ... {28, 56, reply, 0, 896, 2016, 82234, 0} ... {28, 56, reply, 0, 896, 2016, 82234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\6\0\0\200\3\0\0\260\12\0\0" ) ) == 0x0 04237 1796 NtTestAlert (... 04238 1384 NtSetEventBoostPriority (1640, ... 04239 1064 NtWaitForSingleObject (1548, 0, 0x0, ... 04240 184 NtWaitForSingleObject (1640, 0, 0x0, ... 04241 1728 NtSetEventBoostPriority (128, ... 04242 1356 NtRegisterThreadTerminatePort (24, ... 04243 740 NtWaitForSingleObject (1640, 0, 0x0, ... 04244 120 NtWaitForSingleObject (1640, 0, 0x0, ... 04245 2016 NtResumeThread (1624, ... 04216 284 NtWaitForSingleObject ... ) == 0x0 04237 1796 NtTestAlert ... ) == 0x0 04238 1384 NtSetEventBoostPriority ... ) == 0x0 04246 712 NtTestAlert (... 
01609 152 NtWaitForSingleObject ... ) == 0x0 04241 1728 NtSetEventBoostPriority ... ) == 0x0 04242 1356 NtRegisterThreadTerminatePort ... ) == 0x0 04245 2016 NtResumeThread ... 1, ) == 0x0 04247 284 NtSetEventBoostPriority (1640, ... 04248 1796 NtContinue (51445040, 1, ... 04249 2736 NtWaitForSingleObject (128, 0, 0x0, ... 04250 152 NtSetEventBoostPriority (128, ... 04246 712 NtTestAlert ... ) == 0x0 04251 1384 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04252 1356 NtWaitForSingleObject (1640, 0, 0x0, ... 04253 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 04217 188 NtWaitForSingleObject ... ) == 0x0 04247 284 NtSetEventBoostPriority ... ) == 0x0 04254 1796 NtRegisterThreadTerminatePort (24, ... 01618 212 NtWaitForSingleObject ... ) == 0x0 04250 152 NtSetEventBoostPriority ... ) == 0x0 04255 712 NtContinue (52493616, 1, ... 04251 1384 NtDuplicateObject ... 1632, ) == 0x0 04256 1728 NtTestAlert (... 04257 188 NtSetEventBoostPriority (1640, ... 04253 2016 NtAllocateVirtualMemory ... 357629952, 1048576, ) == 0x0 04258 212 NtSetEventBoostPriority (128, ... 04254 1796 NtRegisterThreadTerminatePort ... ) == 0x0 04259 284 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04260 712 NtRegisterThreadTerminatePort (24, ... 04261 1384 NtWaitForSingleObject (1640, 0, 0x0, ... 04223 1240 NtWaitForSingleObject ... ) == 0x0 04257 188 NtSetEventBoostPriority ... ) == 0x0 04256 1728 NtTestAlert ... ) == 0x0 01625 180 NtWaitForSingleObject ... ) == 0x0 04258 212 NtSetEventBoostPriority ... ) == 0x0 04262 2016 NtAllocateVirtualMemory (-1, 358670336, 0, 8192, 4096, 4, ... 04263 1796 NtWaitForSingleObject (1640, 0, 0x0, ... 04259 284 NtDuplicateObject ... 1620, ) == 0x0 04260 712 NtRegisterThreadTerminatePort ... ) == 0x0 04264 1240 NtSetEventBoostPriority (1640, ... 04265 152 NtTestAlert (... 04266 180 NtSetEventBoostPriority (128, ... 04267 1728 NtContinue (53542192, 1, ... 04268 188 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04262 2016 NtAllocateVirtualMemory ... 
358670336, 8192, ) == 0x0 04269 212 NtTestAlert (... 04270 284 NtWaitForSingleObject (1640, 0, 0x0, ... 04235 296 NtWaitForSingleObject ... ) == 0x0 04271 712 NtWaitForSingleObject (1640, 0, 0x0, ... 01633 1256 NtWaitForSingleObject ... ) == 0x0 04266 180 NtSetEventBoostPriority ... ) == 0x0 04265 152 NtTestAlert ... ) == 0x0 04272 1728 NtRegisterThreadTerminatePort (24, ... 04268 188 NtDuplicateObject ... 1612, ) == 0x0 04273 2016 NtProtectVirtualMemory (-1, (0x1560e000), 4096, 260, ... 04269 212 NtTestAlert ... ) == 0x0 04274 296 NtSetEventBoostPriority (1640, ... 04264 1240 NtSetEventBoostPriority ... ) == 0x0 04275 1256 NtSetEventBoostPriority (128, ... 04276 152 NtContinue (54590768, 1, ... 04272 1728 NtRegisterThreadTerminatePort ... ) == 0x0 04277 188 NtWaitForSingleObject (1640, 0, 0x0, ... 04273 2016 NtProtectVirtualMemory ... (0x1560e000), 4096, 4, ) == 0x0 04278 212 NtContinue (55639344, 1, ... 04240 184 NtWaitForSingleObject ... ) == 0x0 01642 1904 NtWaitForSingleObject ... ) == 0x0 04275 1256 NtSetEventBoostPriority ... ) == 0x0 04279 1240 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04280 152 NtRegisterThreadTerminatePort (24, ... 04281 1728 NtWaitForSingleObject (1640, 0, 0x0, ... 04282 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 04283 212 NtRegisterThreadTerminatePort (24, ... 04284 1904 NtSetEventBoostPriority (128, ... 04285 184 NtSetEventBoostPriority (1640, ... 04274 296 NtSetEventBoostPriority ... ) == 0x0 04286 180 NtTestAlert (... 04279 1240 NtDuplicateObject ... 1608, ) == 0x0 04280 152 NtRegisterThreadTerminatePort ... ) == 0x0 04287 1256 NtTestAlert (... 01650 464 NtWaitForSingleObject ... ) == 0x0 04284 1904 NtSetEventBoostPriority ... ) == 0x0 04283 212 NtRegisterThreadTerminatePort ... ) == 0x0 04243 740 NtWaitForSingleObject ... ) == 0x0 04285 184 NtSetEventBoostPriority ... ) == 0x0 04288 296 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04286 180 NtTestAlert ... ) == 0x0 04282 2016 NtCreateThread ... 
1604, {896, 2768}, ) == 0x0 04289 152 NtWaitForSingleObject (1640, 0, 0x0, ... 04290 464 NtSetEventBoostPriority (128, ... 04287 1256 NtTestAlert ... ) == 0x0 04291 1240 NtWaitForSingleObject (1640, 0, 0x0, ... 04292 740 NtSetEventBoostPriority (1640, ... 04293 212 NtWaitForSingleObject (1640, 0, 0x0, ... 04294 1904 NtTestAlert (... 04288 296 NtDuplicateObject ... 1600, ) == 0x0 04295 180 NtContinue (56687920, 1, ... 04296 2016 NtQueryInformationThread (1604, Basic, 28, ... 04297 184 NtWaitForSingleObject (1640, 0, 0x0, ... 01657 1536 NtWaitForSingleObject ... ) == 0x0 04290 464 NtSetEventBoostPriority ... ) == 0x0 04298 1256 NtContinue (57736496, 1, ... 04244 120 NtWaitForSingleObject ... ) == 0x0 04292 740 NtSetEventBoostPriority ... ) == 0x0 04294 1904 NtTestAlert ... ) == 0x0 04299 180 NtRegisterThreadTerminatePort (24, ... 04296 2016 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe67000,Pid=896,Tid=2768,}, 0x0, ) == 0x0 04300 1536 NtSetEventBoostPriority (128, ... 04301 296 NtWaitForSingleObject (1640, 0, 0x0, ... 04302 1256 NtRegisterThreadTerminatePort (24, ... 04303 120 NtSetEventBoostPriority (1640, ... 04304 740 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04305 1904 NtContinue (58785072, 1, ... 04299 180 NtRegisterThreadTerminatePort ... ) == 0x0 01666 444 NtWaitForSingleObject ... ) == 0x0 04300 1536 NtSetEventBoostPriority ... ) == 0x0 04306 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82234, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\6\0\0\200\3\0\0\320\12\0\0" ... ... 04302 1256 NtRegisterThreadTerminatePort ... ) == 0x0 04252 1356 NtWaitForSingleObject ... ) == 0x0 04304 740 NtDuplicateObject ... 1596, ) == 0x0 04307 1904 NtRegisterThreadTerminatePort (24, ... 04308 444 NtSetEventBoostPriority (128, ... 04309 180 NtWaitForSingleObject (1640, 0, 0x0, ... 04303 120 NtSetEventBoostPriority ... ) == 0x0 04310 464 NtTestAlert (... 04306 2016 NtRequestWaitReplyPort ... 
{28, 56, reply, 0, 896, 2016, 82235, 0} ... {28, 56, reply, 0, 896, 2016, 82235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\6\0\0\200\3\0\0\320\12\0\0" ) ) == 0x0 04311 1256 NtWaitForSingleObject (1640, 0, 0x0, ... 04312 1356 NtSetEventBoostPriority (1640, ... 04313 1536 NtTestAlert (... 01673 1936 NtWaitForSingleObject ... ) == 0x0 04308 444 NtSetEventBoostPriority ... ) == 0x0 04307 1904 NtRegisterThreadTerminatePort ... ) == 0x0 04314 740 NtWaitForSingleObject (1640, 0, 0x0, ... 04315 120 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04310 464 NtTestAlert ... ) == 0x0 04316 2016 NtResumeThread (1604, ... 04261 1384 NtWaitForSingleObject ... ) == 0x0 04317 1936 NtSetEventBoostPriority (128, ... 04313 1536 NtTestAlert ... ) == 0x0 04312 1356 NtSetEventBoostPriority ... ) == 0x0 04318 1904 NtWaitForSingleObject (1640, 0, 0x0, ... 04315 120 NtDuplicateObject ... 1592, ) == 0x0 04319 464 NtContinue (59833648, 1, ... 04316 2016 NtResumeThread ... 1, ) == 0x0 01681 1648 NtWaitForSingleObject ... ) == 0x0 04317 1936 NtSetEventBoostPriority ... ) == 0x0 04320 1384 NtSetEventBoostPriority (1640, ... 04321 1536 NtContinue (60882224, 1, ... 04322 1356 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04323 444 NtTestAlert (... 04324 2768 NtWaitForSingleObject (128, 0, 0x0, ... 04325 464 NtRegisterThreadTerminatePort (24, ... 04326 1648 NtSetEventBoostPriority (128, ... 04327 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 04328 120 NtWaitForSingleObject (1640, 0, 0x0, ... 04270 284 NtWaitForSingleObject ... ) == 0x0 04320 1384 NtSetEventBoostPriority ... ) == 0x0 04329 1536 NtRegisterThreadTerminatePort (24, ... 04322 1356 NtDuplicateObject ... 1588, ) == 0x0 04323 444 NtTestAlert ... ) == 0x0 01690 276 NtWaitForSingleObject ... ) == 0x0 04326 1648 NtSetEventBoostPriority ... ) == 0x0 04325 464 NtRegisterThreadTerminatePort ... ) == 0x0 04327 2016 NtAllocateVirtualMemory ... 358678528, 1048576, ) == 0x0 04330 284 NtSetEventBoostPriority (1640, ... 
04331 1936 NtTestAlert (... 04329 1536 NtRegisterThreadTerminatePort ... ) == 0x0 04332 1384 NtWaitForSingleObject (1640, 0, 0x0, ... 04333 276 NtSetEventBoostPriority (128, ... 04334 444 NtContinue (61930800, 1, ... 04335 1356 NtWaitForSingleObject (1640, 0, 0x0, ... 04336 464 NtWaitForSingleObject (1640, 0, 0x0, ... 04263 1796 NtWaitForSingleObject ... ) == 0x0 04330 284 NtSetEventBoostPriority ... ) == 0x0 04337 2016 NtAllocateVirtualMemory (-1, 359718912, 0, 8192, 4096, 4, ... 04331 1936 NtTestAlert ... ) == 0x0 04338 1536 NtWaitForSingleObject (1640, 0, 0x0, ... 01697 968 NtWaitForSingleObject ... ) == 0x0 04333 276 NtSetEventBoostPriority ... ) == 0x0 04339 444 NtRegisterThreadTerminatePort (24, ... 04340 1648 NtTestAlert (... 04341 1796 NtSetEventBoostPriority (1640, ... 04337 2016 NtAllocateVirtualMemory ... 359718912, 8192, ) == 0x0 04342 1936 NtContinue (62979376, 1, ... 04343 284 NtWaitForSingleObject (1640, 0, 0x0, ... 04344 968 NtSetEventBoostPriority (128, ... 04339 444 NtRegisterThreadTerminatePort ... ) == 0x0 04271 712 NtWaitForSingleObject ... ) == 0x0 04340 1648 NtTestAlert ... ) == 0x0 04341 1796 NtSetEventBoostPriority ... ) == 0x0 04345 276 NtTestAlert (... 04346 1936 NtRegisterThreadTerminatePort (24, ... 01706 1688 NtWaitForSingleObject ... ) == 0x0 04344 968 NtSetEventBoostPriority ... ) == 0x0 04347 444 NtWaitForSingleObject (1640, 0, 0x0, ... 04348 712 NtSetEventBoostPriority (1640, ... 04349 1648 NtContinue (64027952, 1, ... 04350 1796 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04345 276 NtTestAlert ... ) == 0x0 04351 1688 NtSetEventBoostPriority (128, ... 04346 1936 NtRegisterThreadTerminatePort ... ) == 0x0 04352 2016 NtProtectVirtualMemory (-1, (0x1570e000), 4096, 260, ... 04353 968 NtTestAlert (... 04277 188 NtWaitForSingleObject ... ) == 0x0 04354 1648 NtRegisterThreadTerminatePort (24, ... 04350 1796 NtDuplicateObject ... 1584, ) == 0x0 01713 308 NtWaitForSingleObject ... ) == 0x0 04351 1688 NtSetEventBoostPriority ... 
) == 0x0 04355 276 NtContinue (65076528, 1, ... 04356 1936 NtWaitForSingleObject (1640, 0, 0x0, ... 04352 2016 NtProtectVirtualMemory ... (0x1570e000), 4096, 4, ) == 0x0 04353 968 NtTestAlert ... ) == 0x0 04357 188 NtSetEventBoostPriority (1640, ... 04354 1648 NtRegisterThreadTerminatePort ... ) == 0x0 04348 712 NtSetEventBoostPriority ... ) == 0x0 04358 308 NtAllocateVirtualMemory (-1, 3629056, 0, 4096, 4096, 4, ... 04359 1796 NtWaitForSingleObject (1640, 0, 0x0, ... 04360 276 NtRegisterThreadTerminatePort (24, ... 04361 1688 NtTestAlert (... 04362 2016 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 04363 968 NtContinue (66125104, 1, ... 04281 1728 NtWaitForSingleObject ... ) == 0x0 04357 188 NtSetEventBoostPriority ... ) == 0x0 04364 1648 NtWaitForSingleObject (1640, 0, 0x0, ... 04358 308 NtAllocateVirtualMemory ... 3629056, 4096, ) == 0x0 04365 712 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04360 276 NtRegisterThreadTerminatePort ... ) == 0x0 04361 1688 NtTestAlert ... ) == 0x0 04362 2016 NtCreateThread ... 1580, {896, 2796}, ) == 0x0 04366 1728 NtSetEventBoostPriority (1640, ... 04367 968 NtRegisterThreadTerminatePort (24, ... 04368 188 NtWaitForSingleObject (1640, 0, 0x0, ... 04365 712 NtDuplicateObject ... 1576, ) == 0x0 04369 276 NtWaitForSingleObject (1640, 0, 0x0, ... 04370 1688 NtContinue (67173680, 1, ... 04291 1240 NtWaitForSingleObject ... ) == 0x0 04371 2016 NtQueryInformationThread (1580, Basic, 28, ... 04367 968 NtRegisterThreadTerminatePort ... ) == 0x0 04366 1728 NtSetEventBoostPriority ... ) == 0x0 04372 308 NtSetEventBoostPriority (128, ... 04373 712 NtWaitForSingleObject (1640, 0, 0x0, ... 04374 1688 NtRegisterThreadTerminatePort (24, ... 04375 1240 NtSetEventBoostPriority (1640, ... 04371 2016 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe66000,Pid=896,Tid=2796,}, 0x0, ) == 0x0 04376 968 NtWaitForSingleObject (1640, 0, 0x0, ... 04377 1728 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
01721 1584 NtWaitForSingleObject ... ) == 0x0 04372 308 NtSetEventBoostPriority ... ) == 0x0 04374 1688 NtRegisterThreadTerminatePort ... ) == 0x0 04289 152 NtWaitForSingleObject ... ) == 0x0 04375 1240 NtSetEventBoostPriority ... ) == 0x0 04378 2016 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 896, 2016, 82235, 0} (24, {28, 56, new_msg, 0, 896, 2016, 82235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\6\0\0\200\3\0\0\354\12\0\0" ... ... 04379 1584 NtSetEventBoostPriority (128, ... 04377 1728 NtDuplicateObject ... 1572, ) == 0x0 04380 308 NtTestAlert (... 04381 152 NtSetEventBoostPriority (1640, ... 04382 1688 NtWaitForSingleObject (1640, 0, 0x0, ... 04383 1240 NtWaitForSingleObject (1640, 0, 0x0, ... 01730 1496 NtWaitForSingleObject ... ) == 0x0 04379 1584 NtSetEventBoostPriority ... ) == 0x0 04378 2016 NtRequestWaitReplyPort ... {28, 56, reply, 0, 896, 2016, 82236, 0} ... {28, 56, reply, 0, 896, 2016, 82236, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\6\0\0\200\3\0\0\354\12\0\0" ) ) == 0x0 04293 212 NtWaitForSingleObject ... ) == 0x0 04380 308 NtTestAlert ... ) == 0x0 04381 152 NtSetEventBoostPriority ... ) == 0x0 04384 1728 NtWaitForSingleObject (1640, 0, 0x0, ... 04385 1496 NtSetEventBoostPriority (128, ... 04386 2016 NtResumeThread (1580, ... 04387 212 NtSetEventBoostPriority (1640, ... 04388 308 NtContinue (68222256, 1, ... 04389 152 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01737 1944 NtWaitForSingleObject ... ) == 0x0 04385 1496 NtSetEventBoostPriority ... ) == 0x0 04386 2016 NtResumeThread ... 1, ) == 0x0 04297 184 NtWaitForSingleObject ... ) == 0x0 04390 308 NtRegisterThreadTerminatePort (24, ... 04391 1944 NtSetEventBoostPriority (128, ... 04389 152 NtDuplicateObject ... 1568, ) == 0x0 04387 212 NtSetEventBoostPriority ... ) == 0x0 04392 1584 NtTestAlert (... 04393 2796 NtWaitForSingleObject (128, 0, 0x0, ... 04394 2016 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 04395 184 NtSetEventBoostPriority (1640, ... 04396 1496 NtTestAlert (... 
01746 1896 NtWaitForSingleObject ... ) == 0x0 04391 1944 NtSetEventBoostPriority ... ) == 0x0 04390 308 NtRegisterThreadTerminatePort ... ) == 0x0 04397 212 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04392 1584 NtTestAlert ... ) == 0x0 04398 152 NtWaitForSingleObject (1640, 0, 0x0, ... 04301 296 NtWaitForSingleObject ... ) == 0x0 04395 184 NtSetEventBoostPriority ... ) == 0x0 04399 1896 NtSetEventBoostPriority (128, ... 04396 1496 NtTestAlert ... ) == 0x0