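Summary (number of calls recorded per system service; the four columns read top to bottom, in ascending order of count):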

NtAccessCheck(>) 1 NtUserCallHwndParam(>) 1 NtSetInformationObject(>) 3 NtOpenProcessTokenEx(>) 8
NtCallbackReturn(>) 1 NtUserCallMsgFilter(>) 1 NtUserCallHwndLock(>) 3 NtOpenThreadTokenEx(>) 8
NtConnectPort(>) 1 NtUserDrawIconEx(>) 1 NtUserEndPaint(>) 3 NtQueryDebugFilterState(>) 8
NtContinue(>) 1 NtUserGetCursorFrameInfo(>) 1 NtUserGetControlBrush(>) 3 NtSetValueKey(>) 8
NtCreateEvent(>) 1 NtUserGetDC(>) 1 NtUserGetObjectInformation(>) 3 NtUserPeekMessage(>) 9
NtDuplicateObject(>) 1 NtUserGetGUIThreadInfo(>) 1 NtUserSetWindowPos(>) 3 NtRequestWaitReplyPort(>) 10
NtEnumerateValueKey(>) 1 NtUserGetIconSize(>) 1 NtCreateFile(>) 4 NtUnmapViewOfSection(>) 10
NtFreeVirtualMemory(>) 1 NtUserGetProcessWindowStation(>) 1 NtOpenProcessToken(>) 4 NtUserCreateWindowEx(>) 10
NtFsControlFile(>) 1 NtUserModifyUserStartupInfoFlags(>) 1 NtQuerySection(>) 4 NtUserSystemParametersInfo(>) 11
NtGdiCreateBitmap(>) 1 NtUserUnregisterClass(>) 1 NtUserCalcMenuBar(>) 4 NtCreateSection(>) 12
NtGdiExtCreateRegion(>) 1 NtGdiCreatePatternBrushInternal(>) 2 NtUserFillWindow(>) 4 NtGdiExtSelectClipRgn(>) 12
NtGdiExtGetObjectW(>) 1 NtGdiCreateSolidBrush(>) 2 NtUserGetClassName(>) 4 NtGdiGetRandomRgn(>) 12
NtGdiGetDCDword(>) 1 NtGdiGetWidthTable(>) 2 NtUserGetDCEx(>) 4 NtQueryInformationToken(>) 12
NtGdiGetTextExtent(>) 1 NtOpenDirectoryObject(>) 2 NtUserGetTitleBarInfo(>) 4 NtDeviceIoControlFile(>) 16
NtGdiInit(>) 1 NtQueryInstallUILanguage(>) 2 NtUserQueryWindow(>) 4 NtGdiIntersectClipRect(>) 16
NtGdiOffsetRgn(>) 1 NtQueryVirtualMemory(>) 2 NtUserRemoveProp(>) 4 NtFlushInstructionCache(>) 17
NtGdiQueryFontAssocInfo(>) 1 NtUserDestroyWindow(>) 2 NtUserSetWindowFNID(>) 4 NtOpenFile(>) 17
NtOpenEvent(>) 1 NtUserGetForegroundWindow(>) 2 NtUserWaitMessage(>) 4 NtGdiDrawStream(>) 18
NtOpenKeyedEvent(>) 1 NtUserGetThreadDesktop(>) 2 NtGdiGetStockObject(>) 5 NtOpenSection(>) 18
NtOpenMutant(>) 1 NtUserSetCursor(>) 2 NtUserGetAncestor(>) 5 NtQueryAttributesFile(>) 19
NtOpenProcess(>) 1 NtUserSetFocus(>) 2 NtUserGetAtomName(>) 5 NtUserGetWindowDC(>) 24
NtOpenSymbolicLinkObject(>) 1 NtUserSetWindowRgn(>) 2 NtUserRegisterWindowMessage(>) 5 NtQueryValueKey(>) 26
NtQueryInformationProcess(>) 1 NtUserShowWindow(>) 2 NtUserSetProp(>) 5 NtAllocateVirtualMemory(>) 29
NtQueryObject(>) 1 NtAddAtom(>) 3 NtUserSetWindowLong(>) 5 NtMapViewOfSection(>) 29
NtQueryPerformanceCounter(>) 1 NtGdiBitBlt(>) 3 NtGdiCombineRgn(>) 6 NtUserCallOneParam(>) 30
NtQuerySymbolicLinkObject(>) 1 NtGdiCreateCompatibleBitmap(>) 3 NtGdiCreateRectRgn(>) 6 NtProtectVirtualMemory(>) 34
NtQueryVolumeInformationFile(>) 1 NtGdiExcludeClipRect(>) 3 NtQueryDefaultUILanguage(>) 6 NtUserGetClassInfo(>) 37
NtRegisterThreadTerminatePort(>) 1 NtGdiGetCharSet(>) 3 NtUserBeginPaint(>) 6 NtOpenKey(>) 42
NtSecureConnectPort(>) 1 NtGdiGetTextCharsetInfo(>) 3 NtGdiCreateCompatibleDC(>) 7 NtUserFindExistingCursorIcon(>) 53
NtSetInformationFile(>) 1 NtGdiGetTextMetricsW(>) 3 NtGdiSelectBitmap(>) 7 NtUserMessageCall(>) 64
NtSetInformationThread(>) 1 NtGdiHfontCreate(>) 3 NtUserCallNoParam(>) 7 NtUserRegisterClassExWOW(>) 64
NtTestAlert(>) 1 NtGdiSetupPublicCFONT(>) 3 NtUserInternalGetWindowText(>) 7 NtQuerySystemInformation(>) 73
NtUserBuildHwndList(>) 1 NtQueryDefaultLocale(>) 3 NtCreateKey(>) 8 NtReadFile(>) 74
NtUserCallHwnd(>) 1 NtQueryInformationFile(>) 3 NtGdiDeleteObjectApp(>) 8 NtClose(>) 92

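Trace (each entry: sequence number, what appears to be the calling thread's ID, the call with its input arguments, output values after `...`, and the returned status or value after `==`; an entry left open and repeated later under the same sequence number is a call that finished only after the calls listed in between):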

00001 480 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 480 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00003 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00004 480 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00005 480 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00006 480 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00007 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00008 480 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00009 480 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00010 480 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00011 480 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0 00012 480 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00013 480 NtClose (12, ... 
) == 0x0 00014 480 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00015 480 NtQueryVolumeInformationFile (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00016 480 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER 00017 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 480 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0 00020 480 NtClose (16, ... ) == 0x0 00021 480 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00022 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00023 480 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00024 480 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18546688}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18546688}, {0, 0, 0}, 200, 44, ) == 0x0 00025 480 NtClose (16, ... ) == 0x0 00026 480 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00027 480 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00028 480 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00029 480 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00030 480 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00031 480 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 0, 0, 0, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\33\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\33\1\4\0\0\0" ... {28, 56, reply, 0, 432, 480, 1537, 0} "\330\375\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\33\1\4\0\0\0" ) ... {28, 56, reply, 0, 432, 480, 1537, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\33\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\33\1\4\0\0\0" ... {28, 56, reply, 0, 432, 480, 1537, 0} "\330\375\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\33\1\4\0\0\0" ) ) == 0x0 00032 480 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00033 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00034 480 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00035 480 NtClose (16, ... ) == 0x0 00036 480 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0 00037 480 NtOpenMutant (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0 00038 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 
28, ) == 0x0 00039 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00040 480 NtClose (28, ... ) == 0x0 00041 480 NtQueryDefaultLocale (0, 2012046252, ... ) == 0x0 00042 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0 00043 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0 00044 480 NtClose (28, ... ) == 0x0 00045 480 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0 00046 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00047 480 NtQuerySection (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00048 480 NtClose (28, ... ) == 0x0 00049 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0 00050 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00051 480 NtClose (28, ... ) == 0x0 00052 480 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00053 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00054 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00055 480 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\33\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\33\18\6\0\0" ... 
{28, 56, reply, 0, 432, 480, 1539, 0} "(\261\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\33\18\6\0\0" ) ... {28, 56, reply, 0, 432, 480, 1539, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\33\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\33\18\6\0\0" ... {28, 56, reply, 0, 432, 480, 1539, 0} "(\261\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\33\18\6\0\0" ) ) == 0x0 00056 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "COMCTL32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00057 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77340000), 0x0, 569344, ) == 0x0 00058 480 NtClose (28, ... ) == 0x0 00059 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00060 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0 00061 480 NtClose (28, ... ) == 0x0 00062 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "USER32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00063 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0 00064 480 NtClose (28, ... ) == 0x0 00065 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00066 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0 00067 480 NtClose (28, ... ) == 0x0 00068 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0 00069 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0 00070 480 NtClose (28, ... ) == 0x0 00071 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00072 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00073 480 NtFlushInstructionCache (-1, 4227072, 672, ... 
) == 0x0 00074 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "VERSION.dll"}, ... 28, ) }, ... 28, ) == 0x0 00075 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c00000), 0x0, 28672, ) == 0x0 00076 480 NtClose (28, ... ) == 0x0 00077 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00078 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00079 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00080 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00081 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00082 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00083 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00084 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00085 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00086 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00087 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00088 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00089 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00090 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00091 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00092 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "SHELL32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00093 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x773d0000), 0x0, 8339456, ) == 0x0 00094 480 NtClose (28, ... ) == 0x0 00095 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 28, ) }, ... 28, ) == 0x0 00096 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... 
(0x77c10000), 0x0, 339968, ) == 0x0 00097 480 NtClose (28, ... ) == 0x0 00098 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "SHLWAPI.dll"}, ... 28, ) }, ... 28, ) == 0x0 00099 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x772d0000), 0x0, 405504, ) == 0x0 00100 480 NtClose (28, ... ) == 0x0 00101 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00102 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00103 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00104 480 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ole32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00105 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x771b0000), 0x0, 1155072, ) == 0x0 00106 480 NtClose (28, ... ) == 0x0 00107 480 NtProtectVirtualMemory (-1, (0x408000), 672, 4, ... (0x408000), 4096, 2, ) == 0x0 00108 480 NtProtectVirtualMemory (-1, (0x408000), 4096, 2, ... (0x408000), 4096, 4, ) == 0x0 00109 480 NtFlushInstructionCache (-1, 4227072, 672, ... ) == 0x0 00110 480 NtOpenProcessToken (-1, 0x8, ... 28, ) == 0x0 00111 480 NtQueryInformationToken (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00112 480 NtClose (28, ... ) == 0x0 00113 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00114 480 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00115 480 NtClose (28, ... ) == 0x0 00116 480 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00117 480 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566} (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566} "\210\6\33\1\0\0\0\0\314\4\23\0Ck\314\235\3\0\0\0\234\6\33\1$\1\0\0" ... {28, 56, reply, 0, 432, 480, 1573, 0} "XQ\26\0\0\0\0\0\0\0\0\0Ck\314\235\3\0\0\0\234\6\33\1$\1\0\0" ) ... {28, 56, reply, 0, 432, 480, 1573, 0} (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566} "\210\6\33\1\0\0\0\0\314\4\23\0Ck\314\235\3\0\0\0\234\6\33\1$\1\0\0" ... {28, 56, reply, 0, 432, 480, 1573, 0} "XQ\26\0\0\0\0\0\0\0\0\0Ck\314\235\3\0\0\0\234\6\33\1$\1\0\0" ) ) == 0x0 00118 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00119 480 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x430000), 0x0, 1060864, ) == 0x0 00120 480 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 32, ) == 0x0 00121 480 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00122 480 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147482060, ) == 0x0 00123 480 NtQueryInformationToken (-2147482060, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00124 480 NtQueryInformationToken (-2147482060, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00125 480 NtClose (-2147482060, ... ) == 0x0 00126 480 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 4128768, 4096, ) == 0x0 00127 480 NtFreeVirtualMemory (-1, (0x3f0000), 4096, 32768, ... (0x3f0000), 4096, ) == 0x0 00128 480 NtDuplicateObject (-1, 36, -1, 0x0, 0, 2, ... 
44, ) == 0x0 00129 480 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482060, ) }, ... -2147482060, ) == 0x0 00130 480 NtQueryValueKey (-2147482060, (-2147482060, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00131 480 NtClose (-2147482060, ... ) == 0x0 00132 480 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482060, ) }, ... -2147482060, ) == 0x0 00133 480 NtQueryValueKey (-2147482060, (-2147482060, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00134 480 NtClose (-2147482060, ... ) == 0x0 00135 480 NtQueryDefaultLocale (0, -136443380, ... ) == 0x0 00136 480 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00137 480 NtUserCallNoParam (24, ... ) == 0x0 00138 480 NtGdiCreateCompatibleDC (0, ... 00139 480 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 4128768, 4096, ) == 0x0 00138 480 NtGdiCreateCompatibleDC ... ) == 0x1301045a 00140 480 NtGdiGetStockObject (0, ... ) == 0x1900010 00141 480 NtGdiGetStockObject (4, ... ) == 0x1900011 00142 480 NtGdiCreateBitmap (8, 8, 1, 1, 2010393708, ... ) == 0x15050455 00143 480 NtGdiCreateSolidBrush (0, 0, ... 00144 480 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 8650752, 4096, ) == 0x0 00143 480 NtGdiCreateSolidBrush ... ) == 0x2d10045b 00145 480 NtGdiGetStockObject (13, ... ) == 0x18a0021 00146 480 NtGdiCreateCompatibleDC (0, ... ) == 0x4010450 00147 480 NtGdiSelectBitmap (67175504, 352650325, ... ) == 0x185000f 00148 480 NtUserGetThreadDesktop (480, 0, ... ) == 0x28 00149 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 48, ) }, ... 
48, ) == 0x0 00150 480 NtQueryValueKey (48, (48, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (48, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00151 480 NtClose (48, ... ) == 0x0 00152 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00153 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 673, 128, 0, ... ) == 0x8126c017 00154 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00155 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 674, 128, 0, ... ) == 0x8126c01c 00156 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00157 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 675, 128, 0, ... ) == 0x8126c01e 00158 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00159 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 676, 128, 0, ... ) == 0x81268002 00160 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10013 00161 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 677, 128, 0, ... ) == 0x8126c018 00162 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00163 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 678, 128, 0, ... ) == 0x8126c01a 00164 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00165 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 679, 128, 0, ... ) == 0x8126c01d 00166 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00167 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 681, 128, 0, ... ) == 0x8126c026 00168 480 NtUserFindExistingCursorIcon (1241204, 1241220, 1241788, ... ) == 0x10011 00169 480 NtUserRegisterClassExWOW (1241724, 1241804, 1241788, 1241820, 680, 128, 0, ... 
) == 0x8126c019 00170 480 NtUserRegisterClassExWOW (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x8126c020 00171 480 NtUserRegisterClassExWOW (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ... ) == 0x8126c022 00172 480 NtUserRegisterClassExWOW (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... 00173 480 NtAllocateVirtualMemory (-1, 5615616, 0, 4096, 4096, 32, ... 5615616, 4096, ) == 0x0 00172 480 NtUserRegisterClassExWOW ... ) == 0x8126c023 00174 480 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0 00175 480 NtUserRegisterClassExWOW (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ... ) == 0x8126c024 00176 480 NtUserRegisterClassExWOW (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x8126c025 00177 480 NtCallbackReturn (0, 0, 0, ... 00178 480 NtGdiInit (... ) == 0x1 00179 480 NtGdiGetStockObject (18, ... ) == 0x290001c 00180 480 NtGdiGetStockObject (19, ... ) == 0x1b00019 00181 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 48, ) }, ... 48, ) == 0x0 00182 480 NtQueryValueKey (48, (48, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (48, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00183 480 NtQueryValueKey (48, (48, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (48, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00184 480 NtClose (48, ... ) == 0x0 00185 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 48, ) }, ... 48, ) == 0x0 00186 480 NtQueryValueKey (48, (48, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00187 480 NtClose (48, ... ) == 0x0 00188 480 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 48, ) }, ... 48, ) == 0x0 00189 480 NtSetInformationObject (48, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0 00190 480 NtOpenKey (0x20019, {24, 48, 0x40, 0, 0, (0x20019, {24, 48, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00191 480 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 52, ) }, ... 52, ) == 0x0 00192 480 NtQueryValueKey (52, (52, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00193 480 NtClose (52, ... ) == 0x0 00194 480 NtOpenProcess (0x400, {24, 0, 0x0, 0, 0, 0x0}, {432, 0}, ... 52, ) == 0x0 00195 480 NtQueryInformationProcess (52, Session, 4, ... {SessionId=0,}, 0x0, ) == 0x0 00196 480 NtClose (52, ... ) == 0x0 00197 480 NtUserRegisterWindowMessage ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a 00198 480 NtUserSystemParametersInfo (104, 0, 2000318720, 0, ... ) == 0x1 00199 480 NtUserSystemParametersInfo (38, 4, 2000318708, 0, ... ) == 0x1 00200 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00201 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 52, ) == 0x0 00202 480 NtQueryInformationToken (52, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00203 480 NtClose (52, ... ) == 0x0 00204 480 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 52, ) }, ... 52, ) == 0x0 00205 480 NtSetInformationObject (52, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ... ) == 0x0 00206 480 NtOpenKey (0x20019, {24, 52, 0x40, 0, 0, (0x20019, {24, 52, 0x40, 0, 0, "Control Panel\Desktop"}, ... 56, ) }, ... 
56, ) == 0x0 00207 480 NtQueryValueKey (56, (56, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00208 480 NtClose (56, ... ) == 0x0 00209 480 NtUserSystemParametersInfo (41, 500, 1243132, 0, ... ) == 0x1 00210 480 NtUserSystemParametersInfo (102, 0, 2000318732, 0, ... ) == 0x1 00211 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00212 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00213 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c03b 00214 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00215 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c03d 00216 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00217 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00218 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c03f 00219 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00220 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00221 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c041 00222 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00223 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00224 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c043 00225 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00226 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c045 00227 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00228 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... 
) == 0x10011 00229 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c047 00230 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00231 480 NtUserFindExistingCursorIcon (1242920, 1242936, 1243504, ... ) == 0x10011 00232 480 NtUserRegisterClassExWOW (1243372, 1243452, 1243436, 1243468, 0, 384, 0, ... ) == 0x8126c049 00233 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00234 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00235 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c04b 00236 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00237 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00238 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c04d 00239 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00240 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00241 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c04f 00242 480 NtUserGetClassInfo (1999896576, 1243544, 1243496, 1243572, 0, ... ) == 0x0 00243 480 NtUserRegisterClassExWOW (1243380, 1243460, 1243444, 1243476, 0, 384, 0, ... ) == 0x8126c051 00244 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00245 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00246 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c053 00247 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00248 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00249 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... 
) == 0x8126c055 00250 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c057 00251 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00252 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00253 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c059 00254 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00255 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10013 00256 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c05b 00257 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00258 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00259 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c05d 00260 480 NtUserGetClassInfo (1999896576, 1243540, 1243492, 1243568, 0, ... ) == 0x0 00261 480 NtUserFindExistingCursorIcon (1242924, 1242940, 1243508, ... ) == 0x10011 00262 480 NtUserRegisterClassExWOW (1243376, 1243456, 1243440, 1243472, 0, 384, 0, ... ) == 0x8126c05f 00263 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00264 480 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8716288, 65536, ) == 0x0 00265 480 NtAllocateVirtualMemory (-1, 8716288, 0, 4096, 4096, 4, ... 8716288, 4096, ) == 0x0 00266 480 NtAllocateVirtualMemory (-1, 8720384, 0, 8192, 4096, 4, ... 8720384, 8192, ) == 0x0 00267 480 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 56, ) }, ... 
56, ) == 0x0 00268 480 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x860000), 0x0, 12288, ) == 0x0 00269 480 NtClose (56, ... ) == 0x0 00270 480 NtAllocateVirtualMemory (-1, 8728576, 0, 4096, 4096, 4, ... 8728576, 4096, ) == 0x0 00271 480 NtOpenKey (0x2000000, {24, 48, 0x40, 0, 0, (0x2000000, {24, 48, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Performance"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00272 480 NtOpenKey (0x1, {24, 48, 0x40, 0, 0, (0x1, {24, 48, 0x40, 0, 0, "SYSTEM\Setup"}, ... 56, ) }, ... 56, ) == 0x0 00273 480 NtQueryValueKey (56, (56, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (56, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00274 480 NtClose (56, ... ) == 0x0 00275 480 NtQueryDefaultUILanguage (1241756, ... 00276 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00277 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482060, ) == 0x0 00278 480 NtQueryInformationToken (-2147482060, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00279 480 NtClose (-2147482060, ... ) == 0x0 00280 480 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482060, ) }, ... -2147482060, ) == 0x0 00281 480 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00282 480 NtOpenKey (0x80000000, {24, -2147482060, 0x640, 0, 0, (0x80000000, {24, -2147482060, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482072, ) }, ... -2147482072, ) == 0x0 00283 480 NtQueryValueKey (-2147482072, (-2147482072, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00284 480 NtClose (-2147482072, ... ) == 0x0 00285 480 NtClose (-2147482060, ... ) == 0x0 00275 480 NtQueryDefaultUILanguage ... ) == 0x0 00286 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00287 480 NtQueryInstallUILanguage (2012047340, ... ) == 0x0 00288 480 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll"}, 1, 96, ... 56, {status=0x0, info=1}, ) }, 1, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00289 480 NtCreateSection (0x4, 0x0, 0x0, 2, 134217728, 56, ... 60, ) == 0x0 00290 480 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0x870000), 0x0, 8323072, ) == 0x0 00291 480 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Manifest"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00292 480 NtQueryDefaultUILanguage (2013024600, ... 00293 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00294 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482060, ) == 0x0 00295 480 NtQueryInformationToken (-2147482060, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00296 480 NtClose (-2147482060, ... ) == 0x0 00297 480 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482060, ) }, ... -2147482060, ) == 0x0 00298 480 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00299 480 NtOpenKey (0x80000000, {24, -2147482060, 0x640, 0, 0, (0x80000000, {24, -2147482060, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482072, ) }, ... 
-2147482072, ) == 0x0 00300 480 NtQueryValueKey (-2147482072, (-2147482072, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00301 480 NtClose (-2147482072, ... ) == 0x0 00302 480 NtClose (-2147482060, ... ) == 0x0 00292 480 NtQueryDefaultUILanguage ... ) == 0x0 00303 480 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00304 480 NtQueryInstallUILanguage (2013024602, ... ) == 0x0 00305 480 NtQueryDefaultLocale (1, 1239792, ... ) == 0x0 00306 480 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00307 480 NtRequestWaitReplyPort (24, {128, 156, new_msg, 0, 1240648, 1, 96, 0} (24, {128, 156, new_msg, 0, 1240648, 1, 96, 0} "\210\6\33\1\33\0\1\0\0\0\0\0\1\361\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\33\18\0\0\0\377\377\377\377\0\0\0\0\20\311\276\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\33\1\0\0\0\0\0\0\0\0H\365\22\0\0\0\0\0" ... {128, 156, reply, 0, 432, 480, 1584, 0} "\210\347\26\0\33\0\1\0\0\0\0\0\1\361\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\33\18\0\0\0\377\377\377\377\0\0\0\0\20\311\276\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\33\1\0\0\0\0\0\0\0\0H\365\22\0\0\0\0\0" ) ... {128, 156, reply, 0, 432, 480, 1584, 0} (24, {128, 156, new_msg, 0, 1240648, 1, 96, 0} "\210\6\33\1\33\0\1\0\0\0\0\0\1\361\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\33\18\0\0\0\377\377\377\377\0\0\0\0\20\311\276\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\33\1\0\0\0\0\0\0\0\0H\365\22\0\0\0\0\0" ... 
{128, 156, reply, 0, 432, 480, 1584, 0} "\210\347\26\0\33\0\1\0\0\0\0\0\1\361\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\33\18\0\0\0\377\377\377\377\0\0\0\0\20\311\276\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\33\1\0\0\0\0\0\0\0\0H\365\22\0\0\0\0\0" ) ) == 0x0 00308 480 NtClose (56, ... ) == 0x0 00309 480 NtClose (60, ... ) == 0x0 00310 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 00311 480 NtUnmapViewOfSection (-1, 0x12f548, ... ) == STATUS_NOT_MAPPED_VIEW 00312 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00313 480 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00314 480 NtOpenKey (0x8, {24, 0, 0x40, 0, 0, (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00315 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00316 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00317 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1238876, ... ) }, 1238876, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00318 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00319 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00320 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00321 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1239468, ... ) }, 1239468, ... ) == 0x0 00322 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... 60, {status=0x0, info=1}, ) }, 3, 33, ... 60, {status=0x0, info=1}, ) == 0x0 00323 480 NtQueryDebugFilterState (53, 2, ... 
) == 0x0 00324 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00325 480 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 56, ... 64, ) == 0x0 00326 480 NtClose (56, ... ) == 0x0 00327 480 NtMapViewOfSection (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x870000), 0x0, 921600, ) == 0x0 00328 480 NtClose (64, ... ) == 0x0 00329 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 00330 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 64, {status=0x0, info=1}, ) }, 5, 96, ... 64, {status=0x0, info=1}, ) == 0x0 00331 480 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 64, ... 56, ) == 0x0 00332 480 NtQuerySection (56, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00333 480 NtOpenProcessToken (-1, 0x8, ... 68, ) == 0x0 00334 480 NtQueryInformationToken (68, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00335 480 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00336 480 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 72, ) }, ... 72, ) == 0x0 00337 480 NtQueryValueKey (72, (72, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (72, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00338 480 NtClose (72, ... ) == 0x0 00339 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... 
) == STATUS_NO_TOKEN 00340 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 72, ) == 0x0 00341 480 NtQueryInformationToken (72, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00342 480 NtClose (72, ... ) == 0x0 00343 480 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00344 480 NtClose (68, ... ) == 0x0 00345 480 NtClose (64, ... ) == 0x0 00346 480 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71950000), 0x0, 933888, ) == 0x0 00347 480 NtClose (56, ... ) == 0x0 00348 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00349 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00350 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00351 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00352 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00353 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00354 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00355 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00356 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00357 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00358 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00359 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00360 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00361 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00362 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... 
) == 0x0 00363 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00364 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00365 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00366 480 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00367 480 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00368 480 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00369 480 NtAddAtom ( ("T\0h\0e\0m\0e\0P\0r\0o\0p\0S\0c\0r\0o\0l\0l\0B\0a\0r\0C\0t\0l\0", 42, 1240652, ... ) , 42, 1240652, ... ) == 0x0 00370 480 NtQueryDefaultUILanguage (1239368, ... 00371 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00372 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482060, ) == 0x0 00373 480 NtQueryInformationToken (-2147482060, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00374 480 NtClose (-2147482060, ... ) == 0x0 00375 480 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482060, ) }, ... -2147482060, ) == 0x0 00376 480 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00377 480 NtOpenKey (0x80000000, {24, -2147482060, 0x640, 0, 0, (0x80000000, {24, -2147482060, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482072, ) }, ... -2147482072, ) == 0x0 00378 480 NtQueryValueKey (-2147482072, (-2147482072, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00379 480 NtClose (-2147482072, ... ) == 0x0 00380 480 NtClose (-2147482060, ... ) == 0x0 00370 480 NtQueryDefaultUILanguage ... 
) == 0x0 00381 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00382 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1238220, ... ) }, 1238220, ... ) == 0x0 00383 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00384 480 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 56, ... 64, ) == 0x0 00385 480 NtClose (56, ... ) == 0x0 00386 480 NtMapViewOfSection (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x870000), 0x0, 4096, ) == 0x0 00387 480 NtClose (64, ... ) == 0x0 00388 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 00389 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237860, ... ) }, 1237860, ... ) == 0x0 00390 480 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1238560, (0x80100080, {24, 0, 0x40, 0, 1238560, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 0x0, 0, 5, 1, 96, 0, 0, ... 64, {status=0x0, info=1}, ) }, 0x0, 0, 5, 1, 96, 0, 0, ... 64, {status=0x0, info=1}, ) == 0x0 00391 480 NtCreateSection (0xf0005, 0x0, 0x0, 2, 134217728, 64, ... 56, ) == 0x0 00392 480 NtClose (64, ... ) == 0x0 00393 480 NtMapViewOfSection (56, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x870000), {0, 0}, 4096, ) == 0x0 00394 480 NtClose (56, ... ) == 0x0 00395 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 00396 480 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1, 96, ... 56, {status=0x0, info=1}, ) }, 1, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00397 480 NtCreateSection (0x4, 0x0, 0x0, 2, 134217728, 56, ... 64, ) == 0x0 00398 480 NtMapViewOfSection (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... 
(0x870000), 0x0, 4096, ) == 0x0 00399 480 NtQueryInformationFile (56, 1238180, 56, NetworkOpen, ... {status=0x0, info=56}, ) == 0x0 00400 480 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00401 480 NtRequestWaitReplyPort (24, {128, 156, new_msg, 0, 1238260, 1, 96, 0} (24, {128, 156, new_msg, 0, 1238260, 1, 96, 0} "\210\6\33\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\33\18\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\33\1\0\0\0\0\0\0\0\0\364\353\22\0\0\0\0\0" ... {128, 156, reply, 0, 432, 480, 1585, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\33\18\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\33\1\0\0\0\0\0\0\0\0\364\353\22\0\0\0\0\0" ) ... {128, 156, reply, 0, 432, 480, 1585, 0} (24, {128, 156, new_msg, 0, 1238260, 1, 96, 0} "\210\6\33\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\33\18\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\33\1\0\0\0\0\0\0\0\0\364\353\22\0\0\0\0\0" ... {128, 156, reply, 0, 432, 480, 1585, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\33\18\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\33\1\0\0\0\0\0\0\0\0\364\353\22\0\0\0\0\0" ) ) == 0x0 00402 480 NtClose (56, ... ) == 0x0 00403 480 NtClose (64, ... ) == 0x0 00404 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 00405 480 NtUnmapViewOfSection (-1, 0x12ebf4, ... 
) == STATUS_NOT_MAPPED_VIEW 00406 480 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00407 480 NtUserRegisterWindowMessage ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a 00408 480 NtUserSystemParametersInfo (104, 0, 1906151468, 0, ... ) == 0x1 00409 480 NtUserGetDC (0, ... ) == 0x1010050 00410 480 NtUserCallOneParam (16842832, 56, ... ) == 0x1 00411 480 NtUserSystemParametersInfo (38, 4, 1906153440, 0, ... ) == 0x1 00412 480 NtUserSystemParametersInfo (66, 12, 1240672, 0, ... ) == 0x1 00413 480 NtOpenProcessToken (-1, 0x8, ... 64, ) == 0x0 00414 480 NtAccessCheck (1329728, 64, 0x1, 1240076, 1240020, 56, 1240104, ... ) == STATUS_NO_IMPERSONATION_TOKEN 00415 480 NtClose (64, ... ) == 0x0 00416 480 NtOpenKey (0x20019, {24, 52, 0x40, 0, 0, (0x20019, {24, 52, 0x40, 0, 0, "Control Panel\Desktop"}, ... 64, ) }, ... 64, ) == 0x0 00417 480 NtQueryValueKey (64, (64, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00418 480 NtClose (64, ... ) == 0x0 00419 480 NtUserSystemParametersInfo (41, 500, 1240172, 0, ... ) == 0x1 00420 480 NtOpenKey (0x1, {24, 52, 0x40, 0, 0, (0x1, {24, 52, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... 64, ) }, ... 64, ) == 0x0 00421 480 NtQueryValueKey (64, (64, "EnableBalloonTips", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00422 480 NtOpenKey (0x1, {24, 48, 0x40, 0, 0, (0x1, {24, 48, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... 56, ) }, ... 56, ) == 0x0 00423 480 NtQueryValueKey (56, (56, "EnableBalloonTips", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00424 480 NtClose (56, ... ) == 0x0 00425 480 NtClose (64, ... ) == 0x0 00426 480 NtUserSystemParametersInfo (102, 0, 1906153328, 0, ... ) == 0x1 00427 480 NtUserSystemParametersInfo (4130, 0, 1240696, 0, ... 
) == 0x1 00428 480 NtOpenKey (0x1, {24, 48, 0x40, 0, 0, (0x1, {24, 48, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\LanguagePack"}, ... 64, ) }, ... 64, ) == 0x0 00429 480 NtEnumerateValueKey (64, 0, Full, 220, ... ) == STATUS_NO_MORE_ENTRIES 00430 480 NtClose (64, ... ) == 0x0 00431 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00432 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c03b 00433 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c03d 00434 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00435 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c03f 00436 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00437 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c041 00438 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00439 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c043 00440 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c045 00441 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00442 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c047 00443 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00444 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... 00445 480 NtAllocateVirtualMemory (-1, 5619712, 0, 4096, 4096, 32, ... 5619712, 4096, ) == 0x0 00444 480 NtUserRegisterClassExWOW ... ) == 0x8126c049 00446 480 NtUserGetClassInfo (1905590272, 1240592, 1240544, 1240620, 0, ... ) == 0xc049 00447 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... 
) == 0x10011 00448 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c04b 00449 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00450 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c04d 00451 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00452 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c04f 00453 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c051 00454 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00455 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c053 00456 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00457 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c055 00458 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c057 00459 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00460 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c059 00461 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10013 00462 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c05b 00463 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00464 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c05d 00465 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00466 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c05f 00467 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00468 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... 
) == 0x8126c017 00469 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00470 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c019 00471 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10013 00472 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c018 00473 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00474 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c01a 00475 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00476 480 NtUserRegisterClassExWOW (1240428, 1240508, 1240492, 1240524, 0, 384, 0, ... ) == 0x8126c01c 00477 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00478 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c01e 00479 480 NtUserFindExistingCursorIcon (1239976, 1239992, 1240560, ... ) == 0x10011 00480 480 NtUserRegisterClassExWOW (1240488, 1240568, 1240552, 1240584, 0, 384, 0, ... ) == 0x8126c01b 00481 480 NtUserFindExistingCursorIcon (1239972, 1239988, 1240556, ... ) == 0x10011 00482 480 NtUserRegisterClassExWOW (1240484, 1240564, 1240548, 1240580, 0, 384, 0, ... ) == 0x8126c068 00483 480 NtUserFindExistingCursorIcon (1239980, 1239996, 1240564, ... ) == 0x10011 00484 480 NtUserRegisterClassExWOW (1240432, 1240512, 1240496, 1240528, 0, 384, 0, ... ) == 0x8126c06a 00485 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc03b 00486 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc03d 00487 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc03f 00488 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc041 00489 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... 
) == 0xc043 00490 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc045 00491 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc047 00492 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc049 00493 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc04b 00494 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc04d 00495 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc04f 00496 480 NtUserGetClassInfo (1999896576, 1243496, 1243448, 1243524, 0, ... ) == 0xc051 00497 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc053 00498 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc055 00499 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc059 00500 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc05b 00501 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc05d 00502 480 NtUserGetClassInfo (1999896576, 1243492, 1243444, 1243520, 0, ... ) == 0xc05f 00503 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00504 480 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00505 480 NtOpenKey (0x20019, {24, 48, 0x40, 0, 0, (0x20019, {24, 48, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Control\Session Manager"}, ... 64, ) }, ... 64, ) == 0x0 00506 480 NtQueryValueKey (64, (64, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (64, "CriticalSectionTimeout", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) }, 16, ) == 0x0 00507 480 NtClose (64, ... ) == 0x0 00508 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00509 480 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00510 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00511 480 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00512 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface"}, ... 64, ) }, ... 64, ) == 0x0 00513 480 NtQueryValueKey (64, (64, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00514 480 NtQueryValueKey (64, (64, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00515 480 NtQueryValueKey (64, (64, "InterfaceHelperDisableTypeLib", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00516 480 NtClose (64, ... ) == 0x0 00517 480 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}"}, ... 64, ) }, ... 64, ) == 0x0 00518 480 NtQueryValueKey (64, (64, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00519 480 NtQueryValueKey (64, (64, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00520 480 NtClose (64, ... ) == 0x0 00521 480 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 64, ) }, ... 64, ) == 0x0 00522 480 NtOpenEvent (0x1f0003, {24, 64, 0x0, 0, 0, (0x1f0003, {24, 64, 0x0, 0, 0, "HookSwitchHookEnabledEvent"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00523 480 NtTestAlert (... ) == 0x0 00524 480 NtContinue (1244464, 1, ... 00525 480 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x403aea,}, 4, ... ) == 0x0 00526 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\rpcss.dll"}, 1242644, ... ) }, 1242644, ... ) == 0x0 00527 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\rpcss.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00528 480 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 56, ... 68, ) == 0x0 00529 480 NtClose (56, ... ) == 0x0 00530 480 NtMapViewOfSection (68, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x890000), 0x0, 262144, ) == 0x0 00531 480 NtClose (68, ... ) == 0x0 00532 480 NtUnmapViewOfSection (-1, 0x890000, ... ) == 0x0 00533 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00534 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00535 480 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 
1331200, 4096, ) == 0x0 00536 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00537 480 NtOpenFile (0x100001, {24, 0, 0x40, 0, 0, (0x100001, {24, 0, 0x40, 0, 0, "\Device\KsecDD"}, 7, 16, ... 68, {status=0x0, info=0}, ) }, 7, 16, ... 68, {status=0x0, info=0}, ) == 0x0 00538 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220J\311\201\242P\331\323\373N\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... , 256, 256, ... 00539 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00540 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00541 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00542 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00543 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00544 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00545 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... 
) == STATUS_INFO_LENGTH_MISMATCH 00546 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00547 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "\367\360y\355g\211\357\336\37[D\20R\2201])\3370\2\205~CG\321\340\250\247\367pN\353\301\7\323N\327\232\313\275\310\367\240M\243:7(M(\332\36\341\202l\211\354\344\362\223\307\360/\311p>\277X\260\340\213\332\253N\233\351\304p\200d", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "\367\360y\355g\211\357\336\37[D\20R\2201])\3370\2\205~CG\321\340\250\247\367pN\353\301\7\323N\327\232\313\275\310\367\240M\243:7(M(\332\36\341\202l\211\354\344\362\223\307\360/\311p>\277X\260\340\213\332\253N\233\351\304p\200d", 80, ... ) , 80, ... ) == 0x0 00548 480 NtClose (-2147482060, ... ) == 0x0 00538 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... {status=0x0, info=256}, "\305<\336\304S\20\!\221\4?\203\23\215\222I7Wm2\35KN8\240\277\305\346\12\334\270\315\16-B\4\301\346\312\17L\317\307q\264D\264\273\225S\362\244\327X\112/\210j\323 \242\273\337i\200lX\344j\0\365\205\360\302\222\375\262\240\324\357\364\213v6\25p\31\340\277\20{G\224)\232\321\5\12\347\257\343iF\371\347\264Z\373\265\250\200\301\273\305Z\365Z>Q\215\205\373\236y\2\15\223\270\366\340\7\35?\277X^m\334;\227+\353\321WU\274\20\2626\377\26\1\1\344\346x\178\344\352\356.}\342\353\305\304-\2X+A\311\210\260\264\220\316\345]y\261\3339M\334\205\4\317D\201\236\34\215>D\252N\10\201\332p^\266\14u\26\302\243Q\220>\220\340\310s\35\234\238\255\304~%I\351\306\16\26\272\353u\256\10g\352B\243F\360\312a\363\220\251=~s\301{U\263]\344\334", ) , ) == 0x0 00549 480 NtAllocateVirtualMemory (-1, 1335296, 0, 16384, 4096, 4, ... 1335296, 16384, ) == 0x0 00550 480 NtUserRegisterClassExWOW (1244728, 1244808, 1244792, 1244824, 0, 384, 0, ... ) == 0x8126c038 00551 480 NtUserGetAtomName (49208, 1243492, ... 
) == 0x15 00552 480 NtUserCreateWindowEx (0, 49208, 49208, (0, 49208, 49208, "OleMainThreadWndName", -2013265920, -2147483648, -2147483648, -2147483648, -2147483648, -3, 0, 1998258176, 0, 1073742848, 0, ... , -2013265920, -2147483648, -2147483648, -2147483648, -2147483648, -3, 0, 1998258176, 0, 1073742848, 0, ... 00553 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1241016, ... ) }, 1241016, ... ) == 0x0 00554 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00555 480 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 56, ... 72, ) == 0x0 00556 480 NtClose (56, ... ) == 0x0 00557 480 NtMapViewOfSection (72, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x890000), 0x0, 204800, ) == 0x0 00558 480 NtClose (72, ... ) == 0x0 00559 480 NtUnmapViewOfSection (-1, 0x890000, ... ) == 0x0 00560 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1241332, ... ) }, 1241332, ... ) == 0x0 00561 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 5, 96, ... 72, {status=0x0, info=1}, ) }, 5, 96, ... 72, {status=0x0, info=1}, ) == 0x0 00562 480 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 72, ... 56, ) == 0x0 00563 480 NtQuerySection (56, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00564 480 NtClose (72, ... ) == 0x0 00565 480 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x5ad70000), 0x0, 212992, ) == 0x0 00566 480 NtClose (56, ... ) == 0x0 00567 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00568 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00569 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00570 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 
56, ) == 0x0 00571 480 NtQueryInformationToken (56, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00572 480 NtClose (56, ... ) == 0x0 00573 480 NtOpenKey (0x2001f, {24, 0, 0x640, 0, 0, (0x2001f, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 56, ) }, ... 56, ) == 0x0 00574 480 NtOpenKey (0x1, {24, 56, 0x40, 0, 0, (0x1, {24, 56, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\ThemeManager"}, ... 72, ) }, ... 72, ) == 0x0 00575 480 NtQueryValueKey (72, (72, "Compositing", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00576 480 NtClose (72, ... ) == 0x0 00577 480 NtClose (56, ... ) == 0x0 00578 480 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00579 480 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 56, ) == 0x0 00580 480 NtQueryInformationToken (56, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00581 480 NtClose (56, ... ) == 0x0 00582 480 NtOpenKey (0x20019, {24, 0, 0x640, 0, 0, (0x20019, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 56, ) }, ... 56, ) == 0x0 00583 480 NtOpenKey (0x1, {24, 56, 0x40, 0, 0, (0x1, {24, 56, 0x40, 0, 0, "Control Panel\Desktop"}, ... 72, ) }, ... 72, ) == 0x0 00584 480 NtQueryValueKey (72, (72, "LameButtonText", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00585 480 NtClose (72, ... ) == 0x0 00586 480 NtClose (56, ... ) == 0x0 00587 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\UxTheme.dll"}, 1240832, ... ) }, 1240832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00588 480 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "UxTheme.dll"}, 1240832, ... ) }, 1240832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00589 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\UxTheme.dll"}, 1240832, ... ) }, 1240832, ... ) == 0x0 00590 480 NtUserGetProcessWindowStation (... 
) == 0x24 00591 480 NtUserGetObjectInformation (36, 2, 0, 0, 1243128, ... ) == 0x0 00592 480 NtUserGetObjectInformation (36, 2, 1350080, 16, 1243128, ... ) == 0x1 00593 480 NtUserGetGUIThreadInfo (480, 1243084, ... ) == 0x1 00594 480 NtConnectPort ( ("\ThemeApiPort", {12, 2, 1, 1}, 0x0, 0x0, 1242904, 64, ... 56, 0x0, 0x0, 0x0, 64, ) , {12, 2, 1, 1}, 0x0, 0x0, 1242904, 64, ... 56, 0x0, 0x0, 0x0, 64, ) == 0x0 00595 480 NtRequestWaitReplyPort (56, {32, 56, new_msg, 0, 0, 0, 0, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 432, 480, 1587, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00596 480 NtRequestWaitReplyPort (56, {32, 56, new_msg, 0, 0, 0, 0, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\355\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1588, 0} "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 432, 480, 1588, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\355\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1588, 0} "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00597 480 NtUserCallNoParam (29, ... 00598 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1240376, ... ) }, 1240376, ... ) == 0x0 00597 480 NtUserCallNoParam ... ) == 0x0 00599 480 NtUserSystemParametersInfo (41, 0, 1524225160, 0, ... ) == 0x1 00600 480 NtGdiHfontCreate (1242456, 356, 0, 0, 1329800, ... ) == 0xd0a047d 00601 480 NtGdiHfontCreate (1242456, 356, 0, 0, 1329792, ... 
) == 0x80a0480 00602 480 NtRequestWaitReplyPort (56, {32, 56, new_msg, 0, 0, 0, 0, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1589, 0} "\0\0\0\0\0\0\0\0H\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 432, 480, 1589, 0} (56, {32, 56, new_msg, 0, 0, 0, 0, 0} "\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 432, 480, 1589, 0} "\0\0\0\0\0\0\0\0H\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00603 480 NtMapViewOfSection (72, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x890000), {0, 0}, 331776, ) == 0x0 00604 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00605 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00606 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00607 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00608 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00609 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00610 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00611 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00612 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00613 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00614 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00615 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00616 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00617 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00618 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00619 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00620 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00621 480 NtGdiCreatePatternBrushInternal (59048369, 0, 0, ... ) == 0x6100482 00622 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00623 480 NtUserCallNoParam (29, ... 00624 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1239820, ... ) }, 1239820, ... ) == 0x0 00623 480 NtUserCallNoParam ... ) == 0x0 00625 480 NtUserCallNoParam (29, ... 
00626 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1239816, ... ) }, 1239816, ... ) == 0x0 00625 480 NtUserCallNoParam ... ) == 0x0 00627 480 NtUserMessageCall (0x200be, WM_NCCREATE, 0x0, 0x12f910, 0, 670, 0, ... ) == 0x1 00628 480 NtUserMessageCall (0x200be, WM_NCCALCSIZE, 0x0, 0x12f938, 0, 670, 0, ... ) == 0x0 00629 480 NtUserSetProp (131262, 43288, -1, ... ) == 0x1 00552 480 NtUserCreateWindowEx ... ) == 0x200be 00630 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313c\337\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... N\313c\337\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00631 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00632 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00633 480 NtQuerySystemInformation (Performance, 312, ... 
{system info, class 2, size 312}, 312, ) == 0x0 00634 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00635 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00636 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00637 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00638 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00639 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "\306\203y\301Y\6W\213\361\244\17zB2\377\241t\321V\341\37\273\252\350n\322\345\224\312+\374,5\215\214\1\267F\12\350\273C\324;\232?\242{hm\257\37Z\4\0\21\23+\55\15\262\277\242\27.\270*\245J\4\207:\251\267Pb\5xd", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "\306\203y\301Y\6W\213\361\244\17zB2\377\241t\321V\341\37\273\252\350n\322\345\224\312+\374,5\215\214\1\267F\12\350\273C\324;\232?\242{hm\257\37Z\4\0\21\23+\55\15\262\277\242\27.\270*\245J\4\207:\251\267Pb\5xd", 80, ... ) , 80, ... ) == 0x0 00640 480 NtClose (-2147482060, ... ) == 0x0 00630 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\357\12YwZ>j\23302\206\211e\366YC\230\204\327;\251'\203mI|C,\325\354=\315y\345\347\272\321+\316O>\267\37\302Ec\312\310\0\24\22\213\254?\307\366J\275\210x\351\325>\21I\25\30\17\326@\3\352\324\207\210\327\225\377x\223\212\330\246?%M\253\234\256l\365 \207\364 \5\307+:\32j4\23\225\206\276\35\260v]j*\357\230\272\321\246\263\0\311\274\351\351\i\353?\346\205\204L\367FS\306uK!\261\306\232\16(\376<\364\337\324\343\15f\251U&xZ\302\227@lR\241!<\22\316:\14V\310|\254\372\3743\212\200\4\34\14Q\217K\344t\332\307\202\207\305\334\333O\220^\354\336\2620\233\2553\36D\30\306Lk\11\4/\326\205&Qh\\13L\217\30nb\360n\10\5#\222\317\26\325\372\366+\210}=@-\1\332P\371\301\241\204-\232lM\221\242\317\267", ) , ) == 0x0 00641 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\2561\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00642 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00643 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00644 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00645 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00646 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00647 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... 
{system info, class 23, size 0}, 0, ) == 0x0 00648 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00649 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00650 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "PJJ\247\323\316\226\265\255\250>\6[D\275\21q\335\302\341J\330\234\204\266\335`\273/j\247\256\344T\217\7\212\227\1\215'B\15Kk;I\353\353ip\2;\224\223_\377Iol\2660\341}\313\370<7\305\257\31\351\361kQg\305P\210M", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "PJJ\247\323\316\226\265\255\250>\6[D\275\21q\335\302\341J\330\234\204\266\335`\273/j\247\256\344T\217\7\212\227\1\215'B\15Kk;I\353\353ip\2;\224\223_\377Iol\2660\341}\313\370<7\305\257\31\351\361kQg\305P\210M", 80, ... ) , 80, ... ) == 0x0 00651 480 NtClose (-2147482060, ... ) == 0x0 00641 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\225&\31Kz&2Uuu\342\322\365Z\35\13\271\276\205\225zF\317G^>(\357r\341tk\254\356\11\202\207<\247\207\261\13f}B\273p1\15J\14\317\341\234\337\346\217\25$\15\364\302\224o[\250tk;\277\357\227\215\301\320\351\242\201\5\251 \330\311\335\17\330\13i\227\257\337~\30\313\207\316 \263\324e\227\367\334\202\256)\327\275\22\355\223\272>0\337zj\316\263\305\341\332\272\2727\242\26\276\314\323A\272\250\23.#\334\6\303(\212T/\345)4\335\220\212dga\227\251\322\342\323\273u\266t3\275<\7Z*\244\242^\5\177\223;g\27\23\324\372\22U^\231\222&\25V`\6s, ) , ) == 0x0 00652 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\256222\304p1\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00653 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00654 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00655 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00656 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00657 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00658 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00659 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... 
) == STATUS_INFO_LENGTH_MISMATCH 00660 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00661 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "0\205\303\204\236\326\257\302yU0|\315\374)\37\205\265\315x\252\22\317\352\246\23\316\354@\\317\306\331\266\2152\371\335\22t(\373\213\211\240!\340\247\264\362\277\230r\353\32m\322\327\310\331\203@\235\33\302\221\5\265\237\204\216Z\377\37;s\15\200&1", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "0\205\303\204\236\326\257\302yU0|\315\374)\37\205\265\315x\252\22\317\352\246\23\316\354@\\317\306\331\266\2152\371\335\22t(\373\213\211\240!\340\247\264\362\277\230r\353\32m\322\327\310\331\203@\235\33\302\221\5\265\237\204\216Z\377\37;s\15\200&1", 80, ... ) , 80, ... ) == 0x0 00662 480 NtClose (-2147482060, ... ) == 0x0 00652 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... {status=0x0, info=256}, "\3469\343\240L\15$\254\305,L\326\5B\310C\227F\342a\21\252r"8\213\233\20\320f\247\223b\351qS3U\371\255\230\232\315\332\267\236l)7\3\221\247d\344\34\276E\213+\17\\366|G\12\12\10"\34H\306\221\226BZ=B\331n@\6\322\346k\357\3132\367\324\256`\216[>\35\331W&.Nc,\213\240\253\340[\7|\35JM\255^\35J\177h?\357\222\20\37g'\205o\221L\17\33A\233Q\3225s\22D\340Co\311\365\326\32\343\272\227S\274\363\201\350+\2302c\262\240,\275n`\262\364\22\232#\304;M\204\211\361y\231Hz:\332C\17"\0\3578sh\221a\11\341\326\254{\26\370\220\254<\211\316\32H5\16\365x#\305\246\21\204L\3646\315\276x\226\231?LO\212\341$\302N\260\377s\202\263-\317\236o\6\35\217)F\23\31\25X\346%\31C", ) 8\213\233\20\320f\247\223b\351qS3U\371\255\230\232\315\332\267\236l)7\3\221\247d\344\34\276E\213+\17\\366|G\12\12\10 ... 
{status=0x0, info=256}, "\3469\343\240L\15$\254\305,L\326\5B\310C\227F\342a\21\252r"8\213\233\20\320f\247\223b\351qS3U\371\255\230\232\315\332\267\236l)7\3\221\247d\344\34\276E\213+\17\\366|G\12\12\10"\34H\306\221\226BZ=B\331n@\6\322\346k\357\3132\367\324\256`\216[>\35\331W&.Nc,\213\240\253\340[\7|\35JM\255^\35J\177h?\357\222\20\37g'\205o\221L\17\33A\233Q\3225s\22D\340Co\311\365\326\32\343\272\227S\274\363\201\350+\2302c\262\240,\275n`\262\364\22\232#\304;M\204\211\361y\231Hz:\332C\17"\0\3578sh\221a\11\341\326\254{\26\370\220\254<\211\316\32H5\16\365x#\305\246\21\204L\3646\315\276x\226\231?LO\212\341$\302N\260\377s\202\263-\317\236o\6\35\217)F\23\31\25X\346%\31C", ) \0\3578sh\221a\11\341\326\254{\26\370\220\254<\211\316\32H5\16\365x#\305\246\21\204L\3646\315\276x\226\231?LO\212\341$\302N\260\377s\202\263-\317\236o\6\35\217)F\23\31\25X\346%\31C", ) == 0x0 00663 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\256222\304p222\304p1\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00664 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00665 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00666 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00667 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00668 480 NtQuerySystemInformation (Lookaside, 32, ... 
{system info, class 45, size 32}, 32, ) == 0x0 00669 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00670 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00671 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00672 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "]8\212\273A1\2\240@!\242\374\323r\207\7e\300;\303&\211\326\337S\317\303\200\364\236^\203\230\335\204\205\256\255c\364HJ\374R\3\221\25\305\230\371\210\22\245\1/\245\21112\261\374sJ\203f\2\212\252\6\211\246\\271\2674\2502k\33B", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "]8\212\273A1\2\240@!\242\374\323r\207\7e\300;\303&\211\326\337S\317\303\200\364\236^\203\230\335\204\205\256\255c\364HJ\374R\3\221\25\305\230\371\210\22\245\1/\245\21112\261\374sJ\203f\2\212\252\6\211\246\\271\2674\2502k\33B", 80, ... ) , 80, ... ) == 0x0 00673 480 NtClose (-2147482060, ... ) == 0x0 00663 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\235\30\321\225\264\224\373\335\302\320\252\7r\246/+ \205\35\357f\204M\370q7\212\236\1\33\2435\260\13\250H\200\207e`\242R*\15Q|\243\377\211g\2702\31 \327_\237J&\7\273\370\333kQK;\251\343^\324\273\312S\22=\340\326\12\0\322\323$\210\243\2616T?\362D\215{\347J\305'\353\204\361\6_:\207G\352Y\336\22vQ\245t\323(\227Y\205*\236/\374\307a\226\325\201x\300k\267\275S1\17\245y\204G\226g\267\177\225\35\32\14\331\37\212\343\326\5\324\312"\305C\242\213\354\204\272\30\326\204\342\241\207at\17\256\316b{%&\37\337bhb\260_[\276\24\31\271^AD\10\22\321u\255\303\2463@S\20;A7\375\1\365A\0\2412\225j\326\307\315l8\371\373\326HY\311\304\227\3041r\3708X\337\321\220D%'\376\210\266\274%\37"\177\224"G\201\3169\326", ) \305C\242\213\354\204\272\30\326\204\342\241\207at\17\256\316b{%&\37\337bhb\260_[\276\24\31\271^AD\10\22\321u\255\303\2463@S\20;A7\375\1\365A\0\2412\225j\326\307\315l8\371\373\326HY\311\304\227\3041r\3708X\337\321\220D%'\376\210\266\274%\37 ... {status=0x0, info=256}, "\235\30\321\225\264\224\373\335\302\320\252\7r\246/+ \205\35\357f\204M\370q7\212\236\1\33\2435\260\13\250H\200\207e`\242R*\15Q|\243\377\211g\2702\31 \327_\237J&\7\273\370\333kQK;\251\343^\324\273\312S\22=\340\326\12\0\322\323$\210\243\2616T?\362D\215{\347J\305'\353\204\361\6_:\207G\352Y\336\22vQ\245t\323(\227Y\205*\236/\374\307a\226\325\201x\300k\267\275S1\17\245y\204G\226g\267\177\225\35\32\14\331\37\212\343\326\5\324\312"\305C\242\213\354\204\272\30\326\204\342\241\207at\17\256\316b{%&\37\337bhb\260_[\276\24\31\271^AD\10\22\321u\255\303\2463@S\20;A7\375\1\365A\0\2412\225j\326\307\315l8\371\373\326HY\311\304\227\3041r\3708X\337\321\220D%'\376\210\266\274%\37"\177\224"G\201\3169\326", ) G\201\3169\326", ) == 0x0 00674 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, 
"\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\256222\304p222\304p222\304p1\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00675 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00676 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00677 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00678 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00679 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00680 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00681 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00682 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00683 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "\355#\223_\16a\5\254\36\201\233y\326\340\324\250=\14V[\210\317E8\13\340\300\336\237\264]\243\265\374\32z\317\235\337\275\221\11<\204\324 \306\340\332\367\274\336\264\242\32\20\276TtU\16\204\33*\2346\212W\10\247\317\345\347\246L\21\372\272\254h", 80, ... 
) , 0, 3, (-2147482060, "Seed", 0, 3, "\355#\223_\16a\5\254\36\201\233y\326\340\324\250=\14V[\210\317E8\13\340\300\336\237\264]\243\265\374\32z\317\235\337\275\221\11<\204\324 \306\340\332\367\274\336\264\242\32\20\276TtU\16\204\33*\2346\212W\10\247\317\345\347\246L\21\372\272\254h", 80, ... ) , 80, ... ) == 0x0 00684 480 NtClose (-2147482060, ... ) == 0x0 00674 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... {status=0x0, info=256}, "\236.Tu\312Z\204\332*r6e\361<\374\245\206\31\223\21g\2359\243\277\274\230\251\356\36\35\270\261\\34\17\310/[,-\353\343 ,Q\273\332\5\202D!\357\355\356z\345\216\314g\271\264*!\353\244W!\245\326\300\343\334\275\16\273\220JH\226'\306\15\255\312\23\372g\24\313\3rs&\260{/n\343\356(\214#\376k!i3[\261v\333N\17\24\2770\276\33\22\207\341UD\376\20\0\323\10\367\277\4 w0{\10M\315\313\240\231\306\351?\270\352\205\271\365}<}\217\207\26\33TM\307d\35\203\202OK\24lj\311\351'zSn\275>\10E@xzV\205\177E\205c\300\260\240\304o\332v\302\251\277\376\306(\202\330\34\3537\371(\237\313$ \375\366\345\253A\224f\5\226\13\304\246\35\26Z}:\322!S\2\372;*M\237\22\275\234Q\344qH|@\252\366;M\214\276A>\5", ) , ) == 0x0 00685 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\256222\304p222\304p222\304p222\304p1\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00686 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00687 480 NtQuerySystemInformation (ProcessorTimes, 48, ... 
{system info, class 8, size 48}, 48, ) == 0x0 00688 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00689 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00690 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00691 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... {system info, class 23, size 0}, 0, ) == 0x0 00692 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00693 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00694 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "5}W#\374\202\251:\26\303TJ\317\32\26_\262\215\245r\3553W\316m\32*\341\200\222;\347\23,\305OF\3771\310h\336\253\316|T\311\203\200W9\300\355(\231Z\236..\32=P\263\262\330\205v\356\362\16R\257\210*\2643\235\224\327{", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "5}W#\374\202\251:\26\303TJ\317\32\26_\262\215\245r\3553W\316m\32*\341\200\222;\347\23,\305OF\3771\310h\336\253\316|T\311\203\200W9\300\355(\231Z\236..\32=P\263\262\330\205v\356\362\16R\257\210*\2643\235\224\327{", 80, ... ) , 80, ... ) == 0x0 00695 480 NtClose (-2147482060, ... ) == 0x0 00685 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\336MS\320J\300g\272\14\2304l\233\205RX\320\356\216\267\3400\375m\377u\317\340\221\377\276W\260Q\2kOaE\310\177\352\7,r\353\202\310|\364n>c <\272*\26\366,\0#\311cA\254KE\4 \4`\367\371\23W\357\306\355\362\276J\207\20\254\213\12\15\356FU\327Q\237&\305\3576Qd?~\346\312\24\14\3\3012\323\301\266\347A\312\13\\251\15\366\376P\247\325\276\15\375\363\201\213p2\236\321\317j/t\245\177\347\310\353\253\0)\347b}$3\33`\2264\306\301\363\210FR\237\342\275O\33\243\260\250@Ad\204\341\267\2\215\251\374<\15\365\261\262\362K:}x6\316\333s\215Z\222\326\275x\371T\301\364\30\345f\260.f\177[\21\334\250Px\211,\32\360v\234\5\274Q\352\373\3672f\214\334\214\261\236*1\206\356K\333\201Y\205u\303R\231\265\326\315\314\372\2650", ) , ) == 0x0 00696 480 NtDeviceIoControlFile (68, 0, 0x0, 0x0, 0x390008, (68, 0, 0x0, 0x0, 0x390008, "\365\336\37\362\254\343\220\351\270#S"N\313\300\256313\300\256222\304p222\304p222\304p222\304p222\304p1\236\262Y\365\212\377\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... 00697 480 NtQuerySystemInformation (TimeOfDay, 48, ... {system info, class 3, size 48}, 48, ) == 0x0 00698 480 NtQuerySystemInformation (ProcessorTimes, 48, ... {system info, class 8, size 48}, 48, ) == 0x0 00699 480 NtQuerySystemInformation (Performance, 312, ... {system info, class 2, size 312}, 312, ) == 0x0 00700 480 NtQuerySystemInformation (Exception, 16, ... {system info, class 33, size 16}, 16, ) == 0x0 00701 480 NtQuerySystemInformation (Lookaside, 32, ... {system info, class 45, size 32}, 32, ) == 0x0 00702 480 NtQuerySystemInformation (ProcessorStatistics, 3016, ... 
{system info, class 23, size 0}, 0, ) == 0x0 00703 480 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... ) == STATUS_INFO_LENGTH_MISMATCH 00704 480 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... -2147482060, 2, ) }, 0, 0x0, 0, ... -2147482060, 2, ) == 0x0 00705 480 NtSetValueKey (-2147482060, (-2147482060, "Seed", 0, 3, "s;\372\11\34Ur~\337\315+\336~\20\367\205\312)\357 C\231\232*Ez@<\337^E~\252\205\240\373D\243\255\264U\224\301\3622\345J\337\337,\353\343\36)\37\200\255@B\32\1\310\37\205\200\375\274\177\241\373)+\320~\367\321U\30\353", 80, ... ) , 0, 3, (-2147482060, "Seed", 0, 3, "s;\372\11\34Ur~\337\315+\336~\20\367\205\312)\357 C\231\232*Ez@<\337^E~\252\205\240\373D\243\255\264U\224\301\3622\345J\337\337,\353\343\36)\37\200\255@B\32\1\310\37\205\200\375\274\177\241\373)+\320~\367\321U\30\353", 80, ... ) , 80, ... ) == 0x0 00706 480 NtClose (-2147482060, ... ) == 0x0 00696 480 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\270\211Gm\322\246S\2\\335\202\275K\254\331\0\312\327&\10h\30B\343W9Z\2272\312\3264\252-\224\357q[\13\246\203\227k\361\26Pad\22\342q[rA[\3367\263v"\271Lb\305\374\355\315\222\216r\200\261\13$\202Il06\342\377\212\230\22\372\256\30\331\26Z\203PSbl\246X\217,\35\23M\3\221\213\342[c\324\260F\327\275Aj\376\345\242\273 \314\361\247S\367\233\272\264\376-!h\304\250\323\1\265`\340\231RcDk\250\30\370x\2\205f \37t\10*\264\216\23v\5\353|\277 ~\260\25&\264\252\4\332\375J\371\35\277nN\365`\336l]\204,\346\2179gL]G\372\200\366vp\230\242\313q\303\27Kb\272\35\224\04\2070\372>ty\274n\234\211[&z,\314\205\377\3531\37\276\200\340\211\3~L\307l\17\277k\342\360\204\3454ZCMb\372;", ) \271Lb\305\374\355\315\222\216r\200\261\13$\202Il06\342\377\212\230\22\372\256\30\331\26Z\203PSbl\246X\217,\35\23M\3\221\213\342[c\324\260F\327\275Aj\376\345\242\273 \314\361\247S\367\233\272\264\376-!h\304\250\323\1\265`\340\231RcDk\250\30\370x\2\205f \37t\10*\264\216\23v\5\353|\277 ~\260\25&\264\252\4\332\375J\371\35\277nN\365`\336l]\204,\346\2179gL]G\372\200\366vp\230\242\313q\303\27Kb\272\35\224\04\2070\372>ty\274n\234\211[&z,\314\205\377\3531\37\276\200\340\211\3~L\307l\17\277k\342\360\204\3454ZCMb\372;", ) == 0x0 00707 480 NtUserRegisterWindowMessage ( ("ObjectLink", ... ) , ... ) == 0xc002 00708 480 NtAddAtom ( ("O\0l\0e\0D\0r\0o\0p\0T\0a\0r\0g\0e\0t\0I\0n\0t\0e\0r\0f\0a\0c\0e\0", 44, 1244980, ... ) , 44, 1244980, ... ) == 0x0 00709 480 NtAddAtom ( ("O\0l\0e\0D\0r\0o\0p\0T\0a\0r\0g\0e\0t\0M\0a\0r\0s\0h\0a\0l\0H\0w\0n\0d\0", 48, 1244980, ... ) , 48, 1244980, ... ) == 0x0 00710 480 NtUserRegisterWindowMessage ( ("OM_POST_WM_COMMAND", ... ) , ... ) == 0xc08e 00711 480 NtUserRegisterWindowMessage ( ("OLE_MESSAHE", ... ) , ... ) == 0xc08f 00712 480 NtAllocateVirtualMemory (-1, 1351680, 0, 4096, 4096, 4, ... 
1351680, 4096, ) == 0x0 00713 480 NtCreateFile (0x100001, {24, 0, 0x40, 0, 0, (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp\"}, 0x0, 128, 3, 2, 16417, 0, 0, ... ) }, 0x0, 128, 3, 2, 16417, 0, 0, ... ) == STATUS_OBJECT_NAME_COLLISION 00714 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp"}, 1244636, ... ) }, 1244636, ... ) == 0x0 00715 480 NtRequestWaitReplyPort (24, {20, 48, new_msg, 0, 1350480, 1351024, 2012550797, 2147347456} (24, {20, 48, new_msg, 0, 1350480, 1351024, 2012550797, 2147347456} "\0\0\0\0\2\0\1\0R\2\0\0\0\0\0\0\0\0\0\0" ... {20, 48, reply, 0, 432, 480, 1590, 0} "\0\0\0\0\2\0\1\0\1\0\0\0\0\0\0\0\1\0\0\0" ) ... {20, 48, reply, 0, 432, 480, 1590, 0} (24, {20, 48, new_msg, 0, 1350480, 1351024, 2012550797, 2147347456} "\0\0\0\0\2\0\1\0R\2\0\0\0\0\0\0\0\0\0\0" ... {20, 48, reply, 0, 432, 480, 1590, 0} "\0\0\0\0\2\0\1\0\1\0\0\0\0\0\0\0\1\0\0\0" ) ) == 0x0 00716 480 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1244644, (0x80100080, {24, 0, 0x40, 0, 1244644, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp\nse1.tmp"}, 0x0, 128, 0, 2, 96, 0, 0, ... 76, {status=0x0, info=2}, ) }, 0x0, 128, 0, 2, 96, 0, 0, ... 76, {status=0x0, info=2}, ) == 0x0 00717 480 NtClose (76, ... ) == 0x0 00718 480 NtOpenFile (0x10080, {24, 0, 0x40, 0, 0, (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp\nse1.tmp"}, 7, 2113600, ... 76, {status=0x0, info=1}, ) }, 7, 2113600, ... 76, {status=0x0, info=1}, ) == 0x0 00719 480 NtQueryInformationFile (76, 1245016, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER 00720 480 NtSetInformationFile (76, 1245067, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0 00721 480 NtClose (76, ... ) == 0x0 00722 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe"}, 1244600, ... ) }, 1244600, ... 
) == 0x0 00723 480 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1244580, (0x80100080, {24, 0, 0x40, 0, 1244580, "\??\u:\work\packed.exe"}, 0x0, 32, 1, 1, 96, 0, 0, ... 76, {status=0x0, info=1}, ) }, 0x0, 32, 1, 1, 96, 0, 0, ... 76, {status=0x0, info=1}, ) == 0x0 00724 480 NtQueryInformationFile (76, 1244648, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 00725 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\0\0\0\16\37\272\16\0\264\11\315!\270\1L\315!This program cannot be run in DOS mode.\15\15\12$\0\0\0\0\0\0\0\16\23\347\222Jr\211\301Jr\211\301Jr\211\301\311z\326\301Kr\211\301\220Q\225\301Kr\211\301Yz\324\301Hr\211\301\311z\324\301@r\211\301\260Q\220\301Or\211\301Jr\210\301\352r\211\301O~\326\301Cr\211\301\246y\327\301Kr\211\301O~\323\301Kr\211\301RichJr\211\301\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0PE\0\0L\1\5\0\201f\203B\0\0\0\0\0\0\0\0\340\0\17\1\13\1\7\12\0f\0\0\0\366\1\0\0\4\0\0\352:\0\0\0\20\0\0\0\200\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\3\0\0\4\0\0\353!\5\0\2\0\0\4\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0\14\216\0\0\264\0\0\0\0\360\2\0\0\20\0\0\0\0\0\0\0\0\0\0h\240\4\00\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\200\0\0\240\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.tex", ) , ) == 0x0 00726 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0f\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0`.rdata\0\0r\34\0\0\0\200\0\0\0\36\0\0\0j\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0@.data\0\0\0\224\304\1\0\0\240\0\0\0\2\0\0\0\210\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0\300.ndata\0\0\0\200\0\0\0p\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\200\0\0\300.rsrc\0\0\0\0\20\0\0\0\360\2\0\0\10\0\0\0\212\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x0 00727 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "U\213\354\203\354\\203}\14\17t+\203}\14F\213E\24u\15\203H\30\20\213\15\340cB\0\211H\4P\377u\20\377u\14\377u\10\377\25`\202@\0\351B\1\0\0SV\2135\350cB\0W\215E\244P\377u\10\377\25d\202@\0\203e\364\0\211E\14\215E\344P\377u\10\377\25h\202@\0\213}\360\203e\360\0\213\35@\200@\0\351\200\0\0\0\17\266FR\17\266VV\17\257U\350\213\317+M\350\17\257\301\3\302\231\367\3773\322\211M\20\212\360\17\266FQ\17\257\301\17\266NU\17\257M\350\3\301\213\312\231\367\377\17\266VT\17\257U\350\212\310\17\266FP\17\257E\20\3\302\231\367\377\301\341\10\17\266\300\13\310\215E\364P\211M\370\377\25D\200@\0\203E\360\4P\211E\24\215E\344P\377u\14\377\25l\202@\0\377u\24\377\323\203E\350\49}\350\17\214w\377\377\377\203~X\377te\377v4\377\25H\200@\0\205\300\211E\24tU\213}\14j\1W\307E\344\20\0\0\0\307E\350\10\0\0\0\377\25L\200@\0\377vXW\377\25P\200@\0\377u\24\2135X\200@\0W\377\326h \10\0\0\211E\14\215E\344Pj\377h\340[B\0W\377\25p\202@\0\377u\14W\377\326\377u\24\377\323\215E\244P\377u\10\377\25t\202@\0_^3\300[\311\302\20\0\213L$\4\241\10dB\0\213\321i\322\30\4\0\0\213T\2\10\366\302\2tUVW\215q\13\377;5\14dB\0sD\213\316i\311\30\4\0\0\215D\1\10S\213\10\366\301\2t\3G\353\36\366\301\4t\11\213\317O\205\311t \353\20\366\301\20u\13\213\3313\332\203\343\13\331\211\30F\5\30\4\0\0;5\14dB\0r\312[_^\302\4\0U\213\354QQ", ) , ) == 0x0 00728 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0W\213=\10dB\0\213D>\103\311\250\2\211M\374\211M\370t\159M\14u\10\203\340\276\211D>\10B;\25\14dB\0sD\213\302i\300\30\4\0\0\215\8\10\213\13\366\301\2\215B\1t\12j\0R\350\244\377\377\377\213\13\366\301\4u(\366\301@t\3\377E\374\366\301\1t\5\377E\374\353\3\377E\370;\5\14dB\0\213\320r\2743\300_^[\311\302\10\0\203}\374\0t\363\203}\370\0\215L>\10t\5\203\11@\353\344\213\21\201\342\177\377\377\377\203\312\1\211\21\353\325j\1j\0\350H\377\377\377\303\213L$\4\241\10dB\0V3\366\203\371 s695\14dB\0v.\215P\10W\213\2\250\6u\243\377G\323\347\205z\374t\5\203\310\1\353\3\203\340\376\211\2F\201\302\30\4\0\0;5\14dB\0r\327_^\302\4\0U\213\354\203\354\14\241\350cB\0\203e\374\0SV\5\224\0\0\0W\213=\14dB\0\211E\370\213E\3703\3339\30tK;\337sE\2135\10dB\0\203\306\10\213\26\366\302\6u(\213E\10\205\300t\6\203<\230\0t\33\213M\3743\300@\323\340\213N\374\203\342\1#\310\213\301\213M\374\323\342;\302u\13C\201\306\30\4\0\0;\337r\306;\337t\15\377E\374\203E\370\4\203}\374 r\237\213E\374_^[\311\302\4\0\203=\204\240@\0\0Vu-3\311j\10\213\301^\213\320\200\342\1\366\332\33\322\201\342 \203\270\355\321\3503\302Nu\352\211\4\215\200\240@\0A\201\371\0\1\0\0|\325\213t$\20\205\366\213D$\10\367\320v\36\213L$\143\322\212\213\320\201\342\377\0\0\0\301\350\103\4\225\200\240@\0ANu\346\367\320^\302\14\0U\213\354SVW\213}\10\205\377\17\214", ) , ) == 0x0 00729 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\213\15\20dB\0\213\307\301\340\5\3\301\213\10\203\371\1\17\204\241\0\0\0\205\35DdB\0t\12\203\371\24t\5\203\371>u3P\350\340\1\0\0\213\360\201\376\377\377\377\177\17\204\204\0\0\0\205\35DdB\0u\27\205\366}\25F\301\346\12\270\0pB\0+\306P\350\31K\0\0\213\360\205\366t\21\205\35DdB\0u\11N\213\307\213\376+\360\353\2FG\203}\14\0t7\241\304[B\0\15\314[B\03\311\205\300\17\224\301j\0\3\310Qh0u\0\0\3775\314[B\0\377\25$\201@\0Ph\2\4\0\0\377u\14\377\25x\202@\0\205\377\17\215G\377\377\3773\300_^[]\302\10\0\270\377\377\377\177\353\362\213D$\4\213\15\350cB\0j\0\377t\201l\350\11\377\377\377\302\4\0h\210\250@\0\377t$\10\350\260;\0\0\302\4\0\241\304\300@\0\3774\210j\0\350\266P\0\0P\350mJ\0\0\303\205\366\213\306}\2\367\330\213\25\304\300@\0\213\310\301\370\4W\203\341\17\3774\212\301\340\12\5\210\244@\0P\350\207P\0\0\205\366\213\370}\6W\350\315J\0\0\213\307_\303U\213\354\201\354\14\1\0\0SVW\215E\374Pj\103\333S\377u\14\377u\10\377\25\10\200@\0;\303uM\2135\4\200@\0\277\5\1\0\0\353\319]\20uBS\215\205\364\376\377\377P\377u\374\350\271\377\377\377\205\300u\22W\215\205\364\376\377\377PS\377u\374\377\326\205\300t\325\377u\374\377\25 \200@\0\377u\14\377u\10\377\25\0\200@\0_^[\311\302\14\0\377u\374\377\25 \200@\03\300@\353\353U\213\354\241\304\300@\0\213@\4\205\300VWt\4\213\370\353\14\213=ddB\0\201\307\1\0\0\200\215E\10P\377u\10j\0j"^", ) ^", ) == 0x0 00730 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\367\330\33\300\367\320#E\10_^]\302\4\0U\213\354\201\354\244\1\0\0\241\340cB\0\203e\364\0\203e\374\0SV\213u\10Wj\10Y\215}\304\363\245\213U\314\213u\310\215M\310\211\15\304\300@\0\213M\304\211E\360\213\332\301\343\12\213\306\301\340\12\203\301\376\201\303\0pB\0\203\371B\215\270\0pB\0\17\207g\33\0\0\377$\215\3441@\0Vh\264\210@\0\350\317J\0\0\213E\310YY\351V\33\0\03\366\350z\376\377\377Ph\244\210@\0\350\263J\0\0YYV\377u\310\350\3739\0\0\351\244\27\0\0\377\5\264[B\0\203}\360\0\17\204\224\27\0\0j\0\377\25\200\201@\0\351\207\27\0\0\205\366}\25\271\0pB\0+\310\201\351\0\4\0\0Q\350\227H\0\0\353\2\213\306\215p\377Vh\230\210@\0\350]J\0\0YYj\0V\350\356\374\377\377\351\337\32\0\0\205\322t)\366\302\10t\17\241\10\240@\0\243@\240@\0\351\274\32\0\0\241@\240@\0\243\10\240@\0\211\25@\240@\0\351\247\32\0\03\366\350\326\375\377\377Ph\210\210@\0\350\17J\0\0YYV\377u\310\350W9\0\0\351\205\32\0\03\311\350\236\375\377\377\213\360Vh|\210@\0\350\353I\0\0\203\376\1YY\177\33\366FV\377\25\260\200@\0\351[\32\0\0hl\210@\0\350\313I\0\0Y\377u\360\377\25$\202@\0\351B\32\0\03\311A\350Z\375\377\377\213M\310\211\4\215`dB\0\351+\32\0\0\213M\320\213U\3243\300\215\14\215`dB\09\1\17\224\300!\21\213D\205\310\351\27\32\0\0\3774\225`dB\0W\351\225\31\0\0\241\300[B\0\205\300\213=(\202@\0t\7RP\377\327\213u\310\241\254[B\0\205\300\17\204\334\31", ) , ) == 0x0 00731 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\360^\350\1\375\377\377\377u\314\213\360VhL\210@\0\3505I\0\0\203\304\14\377u\314V\377\25\254\200@\0\205\300\17\205\246\31\0\0h0\210@\0\307E\374\1\0\0\0\350\17I\0\0\351i\30\0\0j\360^\350\276\374\377\377\377u\314\213\360Vh\24\210@\0\350\362H\0\0\203\304\14\200>\0t\21V\350\231J\0\0\205\300u\7\307E\374\1\0\0\0\203}\314\0t\36j\346\350a\374\377\377Vh\0\310B\0\350rG\0\0V\377\25\250\200@\0\351;\31\0\0j\365\351\336\16\0\03\366\350c\374\377\377\213\360V\350\273H\0\0\205\300t\26\377u\314Vh\350\207@\0\350\215H\0\0\203\304\14\351]\10\0\0\377u\320Vh\264\207@\0\350wH\0\0\203\304\14\213E\320\351\375\30\0\0j\320^\350 \374\377\377j\337^\211E\10\350\25\374\377\377\377u\10\273\210\250@\0S\213\370\350\372F\0\0W\350\372F\0\0\377u\10\213\360\350\360F\0\0\3\360\201\376\375\3\0\0}\22\2135\244\200@\0h\260\207@\0S\377\326WS\377\326Sh\244\207@\0\350\22H\0\0YYW\377u\10\377\25\240\200@\0\205\300t\7j\343\351+\16\0\0\203}\320\0t'\377u\10\350\11H\0\0\205\300t\33W\377u\10\350\353I\0\0j\344\350n\373\377\377Sh\214\207@\0\351'\27\0\0S\307E\374\1\0\0\0hx\207@\0\351\25\27\0\03\366\350q\373\377\377\213\360\215E\10PS\277\0\4\0\0WV\377\25\234\200@\0\205\300t$\213E\10;\306v'\2008\0t"V\350\247G\0\0\205\300t\16\203\300,P\377u\10\350,F\0\0\353\12\307E\374\1\0\0\0\306\3\0\203}\320\0\17\205\353\27\0\0WSS\377\25\230\200@\0\351\335\27\0", ) V\350\247G\0\0\205\300t\16\203\300,P\377u\10\350,F\0\0\353\12\307E\374\1\0\0\0\306\3\0\203}\320\0\17\205\353\27\0\0WSS\377\25\230\200@\0\351\335\27\0", ) == 0x0 00732 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "QWh\0\4\0\0j\0Pj\0\377\25\224\200@\0\205\300\17\205\270\27\0\0\307E\374\1\0\0\0\306\7\0\351\251\27\0\0j\357^\350\327\372\377\377PW\350qD\0\0\205\300\17\205\222\27\0\0\307E\374\1\0\0\0\351\206\27\0\0\203\346\7\366\5EdB\0\4\211u\10u\30j1^\350\245\372\377\377\213\330S\211]\360\350\225E\0\0\351\235\0\0\0j6^\350\215\372\377\377\213\330S\211]\360\350}E\0\0\3775\260\1B\0\213\360\350pE\0\0\215L0\1\270\5\1\0\0;\310r\17\3775\260\1B\0\350XE\0\0\215D0\1P\350\6C\0\0\213\370\205\377\211}\364\17\204\213\23\0\0\3775\260\1B\0W\350/E\0\0SW\377\25\244\200@\0W\350'E\0\0\215t8\377\353\17\200>\t\16VW\377\25,\202@\0\213\360;\367w\355W\306\6\0\350\3H\0\0\205\300\17\204G\23\0\0WS\306\6\\350\355D\0\0\213E\310\301\370\3S\203\340\2P\377u\10h<\207@\0\350$F\0\0\203\304\20S\350\265B\0\0\205\300\276\210\244@\0St\10V\350\274D\0\0\353\30h\0\310B\0V\350\257D\0\0P\350RF\0\0P\377\25\244\200@\0V\350\250D\0\0\273\210\250@\0\277\210\254@\0\203}\10\3|1V\350\361E\0\03\311\205\300t\20\215M\324Q\203\300\24P\377\25\220\200@\0\213\310\213E\10\203\300\375\15\0\0\0\200#\301\367\330\33\300@\211E\10\203}\10\0u\22V\377\25\214\200@\0\203\340\376PV\377\25\254\200@\03\300\203}\10\1\17\225\300@Ph\0\0\0@V\350\252B\0\0\203\370\377\211E\370\17\205\267\0\0\0\203}\10\0uoVh \207@\0\350_E\0\0YYh\0pB\0", ) , ) == 0x0 00733 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\350\370C\0\0\377u\334S\350\251I\0\0Wh\0pB\0\350\344C\0\0\213E\310\301\370\3PS\350SA\0\0\203\350\4u\20h\10\207@\0\350\27E\0\0Y\3510\377\377\377Ht?h\360\206@\0\350\4E\0\0YVj\372\351N\372\377\377\377u\360j\342\350D4\0\0\203}\10\2u\6\377\5hdB\0\377u\10Vh\310\206@\0\350\327D\0\0\203\304\14\351F\25\0\0h\254\206@\0\350\305D\0\0\377\5hdB\0Y\351H\25\0\0\377u\360j\352\350\24\0\0\377\5@\240@\03\333SS\377u\370\377u\320\350y\31\0\0\377\15@\240@\0\213\370VWh\224\206@\0\350\206D\0\0\203\304\14\203}\324\377u\6\203}\330\377t\17\215E\324PSP\377u\370\377\25\210\200@\0\377u\370\377\25\204\200@\0;\373\17\215\316\24\0\0\203\377\376u\24j\351V\350\265H\0\0\377u\360V\377\25\244\200@\0\353\10j\356V\350\241H\0\0Vh\220\206@\0\350+D\0\0YYh\20\0 \0V\350K@\0\0\351\32\21\0\03\366\350\316\367\377\377\213\360Vh\200\206@\0\353Vj1^\350\274\367\377\377\213\360V\377u\310hl\206@\0\350\360C\0\0\203\304\14\377u\310V\350\21@\0\0\205\300\17\204\320\374\377\377;E\320\17\204R\1\0\0;E\330\17\205P\24\0\0\213E\334\351S\24\0\0j\360^\350v\367\377\377\213\360Vh`\206@\0\350\255C\0\0YY\377u\314V\350, ) , ) == 0x0 00734 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\330\17\210\313\23\0\0;\330~\2\213\330\3\363VW\350\347A\0\0\213u\10\205\366\17\204\261\23\0\0}\21W\350\332A\0\0\3\360y\7\203e\10\0\213u\10\201\376\0\4\0\0\17\215\222\23\0\0\306\4>\0\351\211\23\0\0j ^\350\267\366\377\377j1^\213\370\350\255\366\377\377PW\377\25\200\200@\0\205\300ud\351l\372\377\3773\366F\350\224\366\377\377\203}\320\0h\0\4\0\0WPt\21\377\25|\200@\0\205\300u\15\211u\374\210\7\353\6\377\25x\200@\0\306\207\377\3\0\0\0\351.\23\0\03\311\350G\366\377\3773\311A\213\360\350=\366\377\377\203}\334\0u\14;\360|\14\17\216\23\372\377\377\353\22;\360s\10\213E\324\351\12\23\0\0\17\206\377\371\377\377\213E\330\351\374\22\0\03\333C\213\313\350\7\366\377\377j\2Y\213\360\350\375\365\377\377\213\310\213E\324\203\370\14wh\377$\205\3602@\0\3\361\353]+\361\353Y\17\257\316\213\361\353R\205\311tA\213\306\231\367\371\213\360\353E\13\361\353A#\361\353=3\361\35393\300\205\366\17\224\300\353\347\205\366u\16\353\103\366\353&\205\366t\370\205\311t\364\213\363\353\32\205\311t\11\213\306\231\367\371\213\362\353\153\366\211]\374\353\6\323\346\353\2\323\376V\351`\370\377\3773\366F\350\223\365\377\377j\2Y\213\360\350s\365\377\377PVW\377\250\202@\0\3512\13\0\0\213E\320\205\300\2135\200\244@\0tPH\205\366t\12\205\300\2136u\365\205\366u\24\377u\320hD\206@\0\350\226A\0\0YY\351d\10\0\0\215~\4W\276\210\244@\0V\3501@\0\0\241\200\244@\0\203\300\4PW\350"@\0\0\241\200\244@\0V\203\300\4P\351\373\20\0\0\205\322t+\205\366u\20h0", ) @\0\0\241\200\244@\0V\203\300\4P\351\373\20\0\0\205\322t+\205\366u\20h0", ) == 0x0 00735 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\377\377\215F\4PW\350\361?\0\0\213\6\243\200\244@\0V\351\263\21\0\0h\4\4\0\0\350\230=\0\0\377u\310\213\360\215F\4P\350\206E\0\0\241\200\244@\0\211\6\2115\200\244@\0\351\217\21\0\0j3^\350\275\364\377\377jD^\211E\364\350\262\364\377\3773\366F\366E\334\1\211E\10u\13\377u\364\350\12?\0\0\211E\364\366E\334\2u\13\377u\10\350\371>\0\0\211E\10\203}\304!uH\213\316\350g\364\377\377j\2Y\213\360\350]\364\377\377\213M\334\301\371\2t\37\215U\370RQj\0\377u\10\377u\364PV\377\254\202@\0\367\330\33\300@\211E\374\353@\377u\10\377u\364PV\377\25x\202@\0\353-\3507\364\377\377j\22^\213\330\350-\364\377\377\212\10\366\331\33\311#\310\212\3\366\330Q\33\300#\303P\377u\10\377u\364\377\258\202@\0\211E\370\203}\310\0\17\214\314\20\0\0\377u\370\351\277\366\377\3773\311\350\335\363\377\377P\377\25<\202@\0\205\300\17\204\264\367\377\377\213E\314\351\261\20\0\0j\2Y\350\276\363\377\3773\311PA\350\265\363\377\377P\377\25@\202@\0\351t\374\377\377\241(dB\0\3\302Pj\3533\311\350\230\363\377\377P\377\25D\202@\0\351l\20\0\0R\377u\360\377\25@\202@\0\213\370\215E\254PW\377\25h\202@\0\213E\270\17\257E\320j\20P\213E\264\17\257E\320P3\333S3\366\350o\363\377\377PS\377\25H\202@\0PShr\1\0\0W\377\25x\202@\0;\303\17\204\33\20\0\0P\377\25@\200@\0\351\17\20\0\0jHjZ\377u\360\377\25L\202@\0P\377\25<\200@\0Pj\2Y\350\22\363\377\377P\377\25$\201@\0j\3\367\330Y\243\210\300@\0\350\374\362", ) , ) == 0x0 00736 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\330\212\310\200\341\1\210\15\234\300@\0\212\310\200\341\2$\4h\244\300@\0\210\15\235\300@\0\242\236\300@\0\306\5\237\300@\0\1\350\210C\0\0h\210\300@\0\377\25H\200@\0\351~\373\377\3773\311\350\254\362\377\3773\311A\213\360\350\242\362\377\377\203}\320\0\213\370t\13h$\206@\0\350\352>\0\0Y\203}\324\0WVu\13\377\25(\202@\0\351\\17\0\0\377\25P\202@\0\351Q\17\0\03\366\350\200\362\377\377j1^\213\370\350v\362\377\377j"^\213\330\350l\362\377\377SWh\34\206@\0h\210\250@\0\213\360\377\250\202@\0\203\304\20j\354\350'\362\377\377\212\6\377u\324\366\330h\0\310B\0\33\300#\306P\212\7\366\330S\33\300#\307P\377u\360\377\25d\201@\0\203\370!}\26PVSWh\340\205@\0\350[>\0\0\203\304\24\351G\367\377\377VSWh\254\205@\0\350F>\0\0\203\304\20\351\304\16\0\03\366\350\363\361\377\377\213\360Vh\230\205@\0\350*>\0\0YYVj\353\350s-\0\0h\0\310B\0V\350\3129\0\0\205\300\211E\10V\17\204\214\0\0\0h\200\205@\0\350\377=\0\0\203}\320\0YYtrjd\377u\10\377\25t\200@\0\276\2\1\0\0;\306u3\213=T\202@\0\353\12\215E\240P\377\25X\202@\0j\1j\17j\17\215E\240j\0P\377\327\205\300u\344jd\377u\10\377\25t\200@\0;\306t\337\215E\350P\377u\10\377\25p\200@\0\203}\314\0|\13\377u\350S\350\243;\0\0\353\15\203}\350\0t\7\307E\374\1\0\0\0\377u\10\351\336\7\0\0\307E\374\1\0\0\0h\\205@\0\351\305\14\0\0j\2^\350 \361\377\377P\350z=\0\0\213\360\205\366t\21", ) 
^\213\330\350l\362\377\377SWh\34\206@\0h\210\250@\0\213\360\377\250\202@\0\203\304\20j\354\350'\362\377\377\212\6\377u\324\366\330h\0\310B\0\33\300#\306P\212\7\366\330S\33\300#\307P\377u\360\377\25d\201@\0\203\370!}\26PVSWh\340\205@\0\350[>\0\0\203\304\24\351G\367\377\377VSWh\254\205@\0\350F>\0\0\203\304\20\351\304\16\0\03\366\350\363\361\377\377\213\360Vh\230\205@\0\350*>\0\0YYVj\353\350s-\0\0h\0\310B\0V\350\3129\0\0\205\300\211E\10V\17\204\214\0\0\0h\200\205@\0\350\377=\0\0\203}\320\0YYtrjd\377u\10\377\25t\200@\0\276\2\1\0\0;\306u3\213=T\202@\0\353\12\215E\240P\377\25X\202@\0j\1j\17j\17\215E\240j\0P\377\327\205\300u\344jd\377u\10\377\25t\200@\0;\306t\337\215E\350P\377u\10\377\25p\200@\0\203}\314\0|\13\377u\350S\350\243;\0\0\353\15\203}\350\0t\7\307E\374\1\0\0\0\377u\10\351\336\7\0\0\307E\374\1\0\0\0h\\205@\0\351\305\14\0\0j\2^\350 \361\377\377P\350z=\0\0\213\360\205\366t\21", ) == 0x0 00737 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\351\310\363\377\377\306\7\0\306\3\0\3510\366\377\377j\356\215E\254^\211E\10\350\352\360\377\377\215M\300QP\211E\354\350YP\0\0\213\360\205\366\306\7\0\306\3\0\307E\374\1\0\0\0\17\204\220\15\0\0V\350s9\0\0\205\300\211E\350\17\204\177\15\0\0PVj\0\377u\354\350\37P\0\0\205\300t5\215E\354P\215E\10PhX\205@\0\377u\350\350\0P\0\0\205\300t\34\213E\10\377p\10W\350\323:\0\0\213E\10\377p\14S\350\307:\0\0\203e\374\0\377u\350\351,\15\0\03\377Gh\1\200\0\0\211}\374\377\25l\200@\0\203=\220dB\0\0\17\214+\1\0\0j\360^\350B\360\377\377\213\367\211E\10\3508\360\377\377\203}\330\0\211E\370t\20\377u\10\377\25h\200@\0\205\300\211E\364uU\2135d\200@\03\377WW\215E\354Ph\0\4\0\0\377\326\213\35`\200@\0PW\277\0\23\0\0W\377\323\377u\10j\366\350\207+\0\0\377u\354\377u\10h4\205@\0\350$<\0\0\203\304\14\377u\10\377\25\300\200@\0\205\300\211E\364t}3\377G\377u\370\377u\364\377\25,\201@\0\213\3603\333;\363t99]\320\211]\374t\23\377u\320\350\177\357\377\377\377\326\205\300t@\211}\374\353;h\0\240@\0h\200\244@\0h\0pB\0h\0\4\0\0\377u\360\377\326\203\304\24\353\35\377u\370j\367\350\12+\0\0\377u\10\377u\370h\10\205@\0\350\247;\0\0\203\304\149]\324uN\377u\364\377\250\201@\0\353Cj\0j\0\215E\354Ph\0\4\0\0\377\326Pj\0W\377\323j\366\350\15\357\377\377\377u\354\377u\10h\324\204@\0\350h;\0\0\203\304\14\353\22j\347\350\361\356\377\377h\244\204@", ) , ) == 0x0 00738 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\200@\0\351\312\13\0\0j\360^\350\370\356\377\377j\337^\211E\370\350\355\356\377\377j\2^\213\370\350\343\356\377\377j\315^\211E\300\350\330\356\377\377jE^\211E\350\350\315\356\377\377W\211E\354\350\2427\0\0\205\300u\10j!^\350\270\356\377\377\213E\330\213\310\301\371\20Q\17\266\314Q\276\377\0\0\0#\306P\377u\350\377u\300W\377u\370h`\204@\0\350\323:\0\0\203\304 \215E\10Ph\334\215@\0j\1j\0h\354\215@\0\377\25\230\202@\0\205\300\17\214\323\0\0\0\213E\10\213\10\215U\364Rh\374\215@\0P\377\21\213\330\205\333\17\214\253\0\0\0\213E\10\213\10WP\377QP\213\330\213E\10\213\10h\0\310B\0P\377Q$\213M\330\213\301\301\370\10#\306t\15\213M\10\213\21PQ\377R<\213M\330\213E\10\213\20\301\371\20QP\377R4\213M\350\2009\0t\20\213}\330\213E\10\213\20#\376WQP\377RD\213E\10\377u\300\213\10P\377Q,\213E\10\377u\354\213\10P\377Q\343\300;\330|,h\0\4\0\0\276\210\270@\0Vj\377\377u\370f\243\210\270@\0PP\377\254\201@\0\213E\364\213\10j\1VP\377Q\30\213\330\213E\364\213\10P\377Q\10\213E\10\213\10P\377Q\10\205\333}\13\307E\374\1\0\0\0j\360\353\2j\364\350`\355\377\377\351L\12\0\03\366\350{\355\377\377j\21^\213\330\350q\355\377\377\213\360VShD\204@\0\350\2479\0\0\213E\360\203\304\14S\211E\240\307E\244\2\0\0\0\350H8\0\0V\306D\30\1\0\350=8\0\0j\370\277\210\254@\0W\306D0\1\0\350\337=\0\0VW\377\25\244\200@\0f\213E\320Wj\0\211]\250\211u\254\211}\272f\211E\260", ) , ) == 0x0 00739 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\201@\0\205\300\17\204\307\11\0\0j\0j\371\350\213(\0\0\351'\362\377\377\201\376\15\360\255\13t\24h\20\0 \0j\350j\0\350\210=\0\0P\351\364\364\377\377\377\5tdB\0\351\222\11\0\03\366h<\204@\0\273\210\250@\0S\211u\300\211u\350\211u\10\350\2427\0\0S\277\210\254@\0W\350\2267\0\09u\310t\10\350\227\354\377\377\211E\300\203}\314\0t\13j\21^\350\206\354\377\377\211E\350\203}\330\0t\13j"^\350u\354\377\377\211E\10j\315^\350j\354\377\377\213\360VWSh\210\244@\0h\30\204@\0\350\2328\0\0\203\304\24V\377u\10\377u\350\377u\300\377\258\201@\0\351n\361\377\3773\366F\307E\10!N~\0\350/\354\377\377j\22^\213\330\350%\354\377\377j\335^\211E\354\350\32\354\377\377Ph\377\3\0\0W\215E\10P\377u\354S\377\25@\201@\0\213\7;E\10\351\7\361\377\377\203}\330\0uDj\2\350\255\354\377\377\213\370\205\377\17\204\34\361\377\377j3^\350\334\353\377\377\213\360VW\377\25\20\200@\0Vh\210\254@\0\377u\314\213\330h\374\203@\0\350\18\0\0\203\304\20W\377\25 \200@\0\353"^\350\251\353\377\377\213\360V\377u\314h\350\203@\0\350\3357\0\0\213E\314\203\304\14\205\300u\12\241ddB\0\5\1\0\0\200\213M\330\203\341\2QVP\350\257\353\377\377\213\330\205\333\17\2047\10\0\0\351\240\360\377\3773\333;\363t\5\211u\10\353\15\241ddB\0\5\1\0\0\200\211E\10\213E\330\211E\370\213E\334j\2^\211E\354\350<\353\377\377j\21^\211E\364\3501\353\377\377S\215M\350QSj\2SSSP\377u\10\211E\360\307E\374\1\0\0\0\377\25\24\200", ) ^\350u\354\377\377\211E\10j\315^\350j\354\377\377\213\360VWSh\210\244@\0h\30\204@\0\350\2328\0\0\203\304\24V\377u\10\377u\350\377u\300\377\258\201@\0\351n\361\377\3773\366F\307E\10!N~\0\350/\354\377\377j\22^\213\330\350%\354\377\377j\335^\211E\354\350\32\354\377\377Ph\377\3\0\0W\215E\10P\377u\354S\377\25@\201@\0\213\7;E\10\351\7\361\377\377\203}\330\0uDj\2\350\255\354\377\377\213\370\205\377\17\204\34\361\377\377j3^\350\334\353\377\377\213\360VW\377\25\20\200@\0Vh\210\254@\0\377u\314\213\330h\374\203@\0\350\18\0\0\203\304\20W\377\25 
\200@\0\353"\201@\0\205\300\17\204\307\11\0\0j\0j\371\350\213(\0\0\351'\362\377\377\201\376\15\360\255\13t\24h\20\0 \0j\350j\0\350\210=\0\0P\351\364\364\377\377\377\5tdB\0\351\222\11\0\03\366h<\204@\0\273\210\250@\0S\211u\300\211u\350\211u\10\350\2427\0\0S\277\210\254@\0W\350\2267\0\09u\310t\10\350\227\354\377\377\211E\300\203}\314\0t\13j\21^\350\206\354\377\377\211E\350\203}\330\0t\13j"^\350u\354\377\377\211E\10j\315^\350j\354\377\377\213\360VWSh\210\244@\0h\30\204@\0\350\2328\0\0\203\304\24V\377u\10\377u\350\377u\300\377\258\201@\0\351n\361\377\3773\366F\307E\10!N~\0\350/\354\377\377j\22^\213\330\350%\354\377\377j\335^\211E\354\350\32\354\377\377Ph\377\3\0\0W\215E\10P\377u\354S\377\25@\201@\0\213\7;E\10\351\7\361\377\377\203}\330\0uDj\2\350\255\354\377\377\213\370\205\377\17\204\34\361\377\377j3^\350\334\353\377\377\213\360VW\377\25\20\200@\0Vh\210\254@\0\377u\314\213\330h\374\203@\0\350\18\0\0\203\304\20W\377\25 \200@\0\353"^\350\251\353\377\377\213\360V\377u\314h\350\203@\0\350\3357\0\0\213E\314\203\304\14\205\300u\12\241ddB\0\5\1\0\0\200\213M\330\203\341\2QVP\350\257\353\377\377\213\330\205\333\17\2047\10\0\0\351\240\360\377\3773\333;\363t\5\211u\10\353\15\241ddB\0\5\1\0\0\200\211E\10\213E\330\211E\370\213E\334j\2^\211E\354\350<\353\377\377j\21^\211E\364\3501\353\377\377S\215M\350QSj\2SSSP\377u\10\211E\360\307E\374\1\0\0\0\377\25\24\200", ) , ) == 0x0 00740 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\203}\370\1\277\210\254@\0u(j#^\350\365\352\377\377W\350\3525\0\0W\377u\364\213\360\377u\360F\377u\10h\310\203@\0\350\347\0\0\203\304\24\203}\370\4u'j\3Y\350\261\352\377\377j\4^P\377u\364\243\210\254@\0\377u\360\377u\10h\244\203@\0\350\3576\0\0\203\304\24\203}\370\3u(h\0\14\0\0WS\377u\324\350\266\13\0\0\213\360V\377u\364\377u\360\377u\10h|\203@\0\350\3016\0\0\203\304\24VW\377u\354S\377u\364\377u\350\377\25\30\200@\0\205\300u\3\211]\374\377u\350\351\343\0\0\0\377u\360\377u\10hX\203@\0\350\2156\0\0\203\304\14\351\13\7\0\0h\31\0\2\0\350\366\352\377\377j3^\213\330\350-\352\377\3773\366;\336\306\7\0\17\204X\357\377\377\215M\354QW\215M\10QVPS\307E\354\0\4\0\0\377\25\34\200@\03\311A\205\300u.\203}\10\4t\229M\10t\6\203}\10\2u\359u\330t\36\353\319u\330u\7\307E\374\1\0\0\0\3777W\350'4\0\0\353\6\306\7\0\211M\374S\353Sh\31\0\2\0\350~\352\377\377j\3Y\213\360\350\237\351\377\3773\322;\362\306\7\0\17\204\340\356\377\3779U\330\271\377\3\0\0\211M\10t\14QWPV\377\25\4\200@\0\353\21RRRR\215M\10QWPV\377\25\14\200@\0\306\207\377\3\0\0\0V\377\25 \200@\0\3515\6\0\0\200?\0\17\204,\6\0\0W\350\3103\0\0P\377\25\204\200@\0\351\32\6\0\0j\355^\350H\351\377\377\377u\320\377u\314P\350\2562\0\0\203\370\377\17\205\350\361\377\377\306\7\0\351c\356\377\377\203}\320\0t\223\311A\350\7\351\377\377\242\210\250@\03\300@\353", ) , ) == 0x0 00741 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "4\0\0\200?\0\17\2044\356\377\377j\0\215M\10QPh\210\250@\0W\350V3\0\0P\377\25D\201@\0\351\16\356\377\377j\2Y3\366\350\276\350\377\377\203\370\1\211E\370\17\214\222\5\0\0\271\377\3\0\0;\301~\3\211M\370\200?\0\17\204\211\0\0\0W\306E\13\0\350\253\0\0\203}\370\0\213\370~wj\0\215E\354Pj\1\215E\347PW\377\25H\201@\0\205\300t`\203}\354\1uZ\203}\324\0u!\200}\13\15t+\200}\13\12t%\212E\347\210\4\36F\204\300\210E\13t:;u\370|\276\3533\17\266E\347PS\350\2452\0\0\351 \5\0\0\212E\3478E\13t\16<\15t\4<\12u\6\210\4\36F\353\15j\1j\0j\377W\377\25L\201@\0\306\4\36\0\205\366\351Q\355\377\377\200?\0\17\204\340\4\0\0\377u\324j\0j\2Y\350\363\347\377\377PW\350n2\0\0P\377\25L\201@\0\203}\314\0\17\214\273\4\0\0\351J\4\0\0\200?\0\17\204\255\4\0\0W\350I2\0\0P\377\25P\201@\0\351\233\4\0\0\200;\0\17\204\332\354\377\377\215\205\\376\377\377PS\350'2\0\0P\377\25T\201@\0\205\300\17\204\276\354\377\377\215\205\210\376\377\377PW\351|\3\0\0j\2^\350\227\347\377\377\215\215\\376\377\377QP\377\25X\201@\0\203\370\377u\10\306\3\0\351I\376\377\377PS\350\3101\0\0\353\3073\366\307E\300f\375\377\377\350e\347\377\377!u\350\366\5EdB\0\4\213=\244\200@\0\211E\10\17\204\247\0\0\0P\350A2\0\0\3775\260\1B\0\213\360\35042\0\0\215L0\1\270\5\1\0\0;\310r\17\3775\260\1B\0\350\342\0\0\215D0\1P\350\312/\0\0\213\330\205", ) , ) == 0x0 00742 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "S\350\3671\0\0j\\377u\10\350\3033\0\0\205\300t\4@P\353\3\377u\10S\377\327S\350\3371\0\0\215t\30\377\353\17\200>\t\21VS\377\25,\202@\0\213\360;\363\211u\350w\352S\306\6\0\350\2704\0\0\205\300u\12\270\377\377\377\177\351\206\3\0\0S\377u\10\306\6\\350\2321\0\0\377u\10\350{/\0\0\205\300\377u\10\273\210\250@\0t\10S\350\2001\0\0\353\24h\0\304B\0S\350s1\0\0P\350\263\0\0P\377\327S\350p1\0\0j\2h\0\0\0@S\350\324/\0\0\203\370\377\211E\370\17\204\254\0\0\0\241HdB\0P\211E\354\350\373.\0\0\205\300\211E\360\17\204\212\0\0\0j\0\3507\5\0\0\377u\354\377u\360\350\372\4\0\0\377u\320\350\326.\0\0\213\360\205\366\211u\300t9\377u\320Vj\0\377u\314\350/\7\0\0\353\33\213\16\213F\4Q\211M\264\213M\360\203\306\10V\3\301P\350D/\0\0\3u\264\200>\0u\340\377u\300\377\25<\201@\03\366V\215E\234P\377u\354\377u\360\377u\370\377\25D\201@\0\377u\360\377\25<\201@\0VV\377u\370j\377\350\331\6\0\0\211E\300\377u\370\377\25\204\200@\0S\377u\300h8\203@\0\350\3401\0\0\203\304\14\203}\300\0j\363^}\21j\357^S\377\25(\201@\0\307E\374\1\0\0\0V\350R\345\377\377\366\5EdB\0\4\17\204'\2\0\0\213E\350\213u\10h0\203@\0V\306\0\0\377\327\3775\260\1B\0V\377\327h(\203@\0V\377\327\377u\364V\377\327\377u\364V\3504-\0\0\205\300\211E\10Vtuh\10\203@\0\350m1\0\0\213=t\200@\0YYjd\377u\10\377\327\276\2\1\0\0;", ) , ) == 0x0 00743 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "E\240P\377\25X\202@\0j\1j\17j\17\215E\240j\0P\377\323\205\300u\344jd\377u\10\377\327;\306t\343\215E\354P\377u\10\377\25p\200@\0\203}\354\0t\3\377E\374\377u\10\377\25\204\200@\0\351y\1\0\0\377E\374h\314\202@\0\350\3650\0\0YY\351e\1\0\0\205\366t5Rh\264\202@\0\350\3370\0\0\213E\314Ph\240\202@\0\243x?B\0\350\3140\0\0\203\304\20\203}\314\0\17\204E\1\0\0\350W\20\0\0\351;\1\0\03\366F\350i\344\377\377Ph\220\206@\0\350\2420\0\0YY\351!\1\0\03\311\350:\344\377\377\213\370;=\14dB\0\17\203z\351\377\377\213E\320\213\367i\366\30\4\0\0\35\10dB\0\205\300|\27\213\14\206u\17\203\306\30VS\350\23/\0\0\351\343\0\0\0Q\353u\203\311\377+\310\211M\320t\153\311A\350\356\343\377\377\211E\314\353\20\377u\330\215F\30P\350\2424\0\0\200N\11\1\213E\320\213M\314\211\14\206\203}\324\0\17\204\246\0\0\0W\350K\340\377\377\351\233\0\0\03\311\350\264\343\377\377\203\370 \17\203\371\350\377\3773\3119M\324t!9M\320t\15P\350O\341\377\377\350@\341\377\377\353rQ\350\215\341\377\377PS\350\356-\0\0\353c9M\320t\22\213M\314\213\25\350cB\0\211\214\202\224\0\0\0\353L\213\15\350cB\0\377\264\201\224\0\0\0S\350\364\0\0\3537\241\350)B\0j\0#\306Pj\13\377u\360\377\25x\202@\0\203}\310\0t\34j\0j\0\377u\360\377\25\\202@\0\203}\364\0t\11\377u\364\377\25<\201@\0\213E\374\1\5hdB\03\300_^[\311\302\4\0r\26@\0\207\26@\0\251\26@\0\306\26@\0", ) , ) == 0x0 00744 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\323\27@\0\377\27@\0B\30@\0\236\30@\0\220\27@\0\247\27@\0\306\27@\0\340\30@\0\220\31@\0\365\31@\0)\32@\0L\32@\03\35@\0D\35@\0\212\35@\0\257\35@\0\303\35@\0I\36@\0l\36@\0\244\36@\0\341\36@\0m\37@\0\215\37@\0C @\0C @\0\16!@\0,!@\0I!@\0f!@\0\303!@\0?"@\0\201"@\0\16#@\0\340#@\0\20$@\0\240$@\0\10&@\0\206'@\0\31(@\0@(@\0\312(@\0\15)@\0\240)@\0\307*@\0?+@\0\235+@\0\270+@\0\335+@\0*,@\0\351,@\0\34-@\07-@\0i-@\0\225-@\0^0@\0\2610@\071@\0\3221@\0\3221@\0\2331@\0\6\37@\0\12\37@\0\16\37@\0\25\37@\0"\37@\0&\37@\0*\37@\0.\37@\07\37@\0A\37@\0M\37@\0a\37@\0e\37@\0\213D$\10=\20\1\0\0U\213l$\10V\276\23\1\0\0u\33j\0h\372\0\0\0j\1U\377\25\210\201@\0\213D$\30\243\224\301A\0\213\306;\306uw\213\15\220\301A\0\241\230\301A\0;\310|\2\213\310SWPjdQ\377\25$\201@\0\213=0\202@\0\213\330\241\224\301A\0\205\300\276\310\300@\0t%SPV\377\327\203\304\14VU\377\25\204\201@\0Vh\6\4\0\0U\350\257)\0\0j\5U\377\25(\202@\0\366\5@\240@\0\1t\24Sh\300\210@\0V\377\327\203\304\14Vj\0\350\321\34\0\0_[^3\300]\302\20\0U\213\354V\213u\14j\0\215E\14PV\377u\10\3775\14\240@\0\377\25H\201@\0", ) @\0\201 (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\323\27@\0\377\27@\0B\30@\0\236\30@\0\220\27@\0\247\27@\0\306\27@\0\340\30@\0\220\31@\0\365\31@\0)\32@\0L\32@\03\35@\0D\35@\0\212\35@\0\257\35@\0\303\35@\0I\36@\0l\36@\0\244\36@\0\341\36@\0m\37@\0\215\37@\0C @\0C @\0\16!@\0,!@\0I!@\0f!@\0\303!@\0?"@\0\201"@\0\16#@\0\340#@\0\20$@\0\240$@\0\10&@\0\206'@\0\31(@\0@(@\0\312(@\0\15)@\0\240)@\0\307*@\0?+@\0\235+@\0\270+@\0\335+@\0*,@\0\351,@\0\34-@\07-@\0i-@\0\225-@\0^0@\0\2610@\071@\0\3221@\0\3221@\0\2331@\0\6\37@\0\12\37@\0\16\37@\0\25\37@\0"\37@\0&\37@\0*\37@\0.\37@\07\37@\0A\37@\0M\37@\0a\37@\0e\37@\0\213D$\10=\20\1\0\0U\213l$\10V\276\23\1\0\0u\33j\0h\372\0\0\0j\1U\377\25\210\201@\0\213D$\30\243\224\301A\0\213\306;\306uw\213\15\220\301A\0\241\230\301A\0;\310|\2\213\310SWPjdQ\377\25$\201@\0\213=0\202@\0\213\330\241\224\301A\0\205\300\276\310\300@\0t%SPV\377\327\203\304\14VU\377\25\204\201@\0Vh\6\4\0\0U\350\257)\0\0j\5U\377\25(\202@\0\366\5@\240@\0\1t\24Sh\300\210@\0V\377\327\203\304\14Vj\0\350\321\34\0\0_[^3\300]\302\20\0U\213\354V\213u\14j\0\215E\14PV\377u\10\3775\14\240@\0\377\25H\201@\0", ) \37@\0&\37@\0*\37@\0.\37@\07\37@\0A\37@\0M\37@\0a\37@\0e\37@\0\213D$\10=\20\1\0\0U\213l$\10V\276\23\1\0\0u\33j\0h\372\0\0\0j\1U\377\25\210\201@\0\213D$\30\243\224\301A\0\213\306;\306uw\213\15\220\301A\0\241\230\301A\0;\310|\2\213\310SWPjdQ\377\25$\201@\0\213=0\202@\0\213\330\241\224\301A\0\205\300\276\310\300@\0t%SPV\377\327\203\304\14VU\377\25\204\201@\0Vh\6\4\0\0U\350\257)\0\0j\5U\377\25(\202@\0\366\5@\240@\0\1t\24Sh\300\210@\0V\377\327\203\304\14Vj\0\350\321\34\0\0_[^3\300]\302\20\0U\213\354V\213u\14j\0\215E\14PV\377u\10\3775\14\240@\0\377\25H\201@\0", ) == 0x0 00745 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\353\23\300^]\302\10\0j\0j\0\377t$\14\3775\14\240@\0\377\25L\201@\0\302\4\0\203\354$SUVW3\377\211|$\20\377\25\264\200@\0\2135\240\1B\0+5\254\1B\0\213\330\3t$8\201\303\364\1\0\0;\367\17\216\276\1\0\0\3775\250\1B\0\350\253\377\377\377WW\3775\254\1B\0\3775\20\240@\0\377\25L\201@\0\2115\230\301A\0\211=\220\301A\0\241\244\1B\0+\5\250\1B\0\275\0@\0\0;\305\177\2\213\350U\276\240\301A\0V\3507\377\377\377\205\300\17\204u\1\0\0\1-\250\1B\0\2115 AA\0\211-$AA\09=\350cB\0\17\204\200\0\0\09=\200dB\0ux9|$\20t?\241\230\301A\0+\5\240\1B\0\2135T\202@\0+D$8\3\5\254\1B\0\243\220\301A\0\353\13\215D$\30P\377\25X\202@\0j\1WW\215D$$WP\377\326\205\300u\345\3533\377\25\264\200@\0;\303v)\241\340cB\0\367\330\33\300\367\320%\314\210@\0Ph$3@\0Wjo\3775\344cB\0\377\25\220\201@\0\211D$\20h\10AA\0\307\5(AA\0\220AA\0\307\5,AA\0\0\200\0\0\350\2334\0\0\205\300Y\17\214\271\0\0\0\2135(AA\0\270\220AA\0+\360t:W\215L$\30QVP\3775\20\240@\0\377\25D\201@\0\205\300\17\204\212\0\0\0;t$\24\17\205\200\0\0\0\15\254\1B\09=$AA\0\17\205\6\377\377\377\353\149=$AA\0uh;\357td\241\240\1B\0\213\310+\15\254\1B\0\3L$8\205\311\17\217\243\376\377\377WWP\3775\20\240@\0\377\25L\201@\0\213t$\20;\367t\37\241\230", ) , ) == 0x0 00746 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\220\301A\0\377\25x\202@\0V\377\25\214\201@\03\300_^][\203\304$\302\4\0\203\310\377\353\361j\376\353\2j\375X\353\350U\213\354QQ\213E\10VW3\377;\307|\34\213\158dB\0W\3\301WP\3775\20\240@\0\243\240\1B\0\377\25L\201@\0j\4^V\350\300\375\377\377;\307\17\214\350\0\0\0S\213\35H\201@\0W\215E\374PV\215E\10P\3775\20\240@\0\377\323\205\300\17\204\303\0\0\09u\374\17\205\272\0\0\0\377u\10\15\240\1B\0\350\200\375\377\377;\307\211E\370\17\214\244\0\0\09}\20uk9}\10\17\216\216\0\0\0\276\240\301A\0\277\0@\0\09}\10}\3\213}\10j\0\215E\374PWV\3775\20\240@\0\377\323\205\300tm;}\374uhj\0\215E\24P\377u\374V\377u\14\377\25D\201@\0\205\300t\349}\24u\27\213E\374\1E\370)E\10\1\5\240\1B\0\203}\10\0\177\251\3530j\376\3533\213E\10;E\24|\3\213E\24W\215M\374QP\377u\20\3775\20\240@\0\377\323\205\300t\21\213E\374\1\5\240\1B\0\211E\370\213E\370\353\3j\375X[_^\311\302\20\0U\213\354\201\354L\1\0\0SV3\333W\211]\374\377\25\264\200@\0h\0\4\0\0\276\0\314B\0V\3775\344cB\0\5\350\3\0\0\211E\370\211]\364\211]\360\377\25\\201@\0j\3h\0\0\0\200V\350\333&\0\0\213\370\203\377\377\211=\14\240@\0u\12\270\200\212@\0\351\245\2\0\0V\350K*\0\0SW\377\25\274\200@\0;\303\243\230\301A\0\213\360\17\216\36\1\0\0\241HdB\0\367\330\33\300%\0~\0\0\5\0\2\0\0;\360\213\376|\2\213\370Wh\10\301@\0", ) , ) == 0x0 00747 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\09\35HdB\0u{j\34h\10\301@\0\215E\324P\350A&\0\0\213M\324\367\301\340\377\377\377\17\205\222\0\0\0\201}\330\357\276\255\336\17\205\205\0\0\0\201}\344Instu|\201}\340softus\201}\334Nulluj\213E\354;\306\17\217\233\1\0\0\11M\10\366E\10\10\213\25\220\301A\0\211\25HdB\0u\6\366E\10\4um\377E\360\215p\374;\376v:\213\376\3536\366E\10\2u09]\374\17\205\372\0\0\0\377\25\264\200@\0;E\370v\34hd\212@\0h$3@\0Sjo\3775\344cB\0\377\25\220\201@\0\211E\374;5\230\301A\0}\21Wh\10\301@\0\377u\364\350\256\332\377\377\211E\364\1=\220\301A\0+\367;\363\17\217\360\376\377\3779]\374t\11\377u\374\377\25\214\201@\09\35HdB\0\17\204\371\0\0\09]\360t*\3775\220\301A\0\350\374\372\377\377j\4\215E\370P\350\277\372\377\377\205\300\17\204\326\0\0\0\213E\364;E\370\17\205\312\0\0\0\377u\350\350\207$\0\0h\10AA\0\213\360\350\2330\0\0\215\205\264\376\377\377\307\4$\0\324B\0P\350V%\0\0Sh\0\1\0\4j\2SSh\0\0\0\300\215\205\264\376\377\377P\377\25\270\200@\0\203\370\377\243\20\240@\0u<\270 \212@\0\351\330\0\0\0\215E\270P\377\25X\202@\0j\1SS\215E\270SP\377\25T\202@\0\205\300u\343\351\25\377\377\3779]\374tL\377u\374\377\25\214\201@\0\353A\241HdB\0\203\300\34P\350F\372\377\377\213M\324\377u\350\367\321\203\341\4\243\250\1B\0+\301\213M\354VS\215D\10\344j\377\243\244\1B\0\350A\374\377\377;E\350t\16V\377\25<\201", ) , ) == 0x0 00748 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\2\2115\350cB\0t\3\203\16\10\213\6\203\340\30\366E\10\20\243\200dB\0t\4\200N\1\4\366E\324\1\213\6\243DdB\0t\6\377\5@dB\0j\10\215FDY\203\350\10\10Iu\370\241\240\1B\0\211F\243\344cB\0u\12\306D$\20"\276\1\300B\0\377t$\20V\350!"\0\0P\377\25\230\201@\0\213\360\211t$\30\351\21\1\0\0< u\6F\200> t\372\200>"\306D$\20 u\6F\306D$\20"\200>/\17\205\334\0\0\0F\212\6243\344cB\0u\12\306D$\20 (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\2\2115\350cB\0t\3\203\16\10\213\6\203\340\30\366E\10\20\243\200dB\0t\4\200N\1\4\366E\324\1\213\6\243DdB\0t\6\377\5@dB\0j\10\215FDY\203\350\10\10Iu\370\241\240\1B\0\211F\243\344cB\0u\12\306D$\20"\276\1\300B\0\377t$\20V\350!"\0\0P\377\25\230\201@\0\213\360\211t$\30\351\21\1\0\0< u\6F\200> t\372\200>"\306D$\20 u\6F\306D$\20"\200>/\17\205\334\0\0\0F\212\60\0P\377\25\230\201@\0\213\360\211t$\30\351\21\1\0\0< u\6F\200> t\372\200> (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\2\2115\350cB\0t\3\203\16\10\213\6\203\340\30\366E\10\20\243\200dB\0t\4\200N\1\4\366E\324\1\213\6\243DdB\0t\6\377\5@dB\0j\10\215FDY\203\350\10\10Iu\370\241\240\1B\0\211F\243\344cB\0u\12\306D$\20"\276\1\300B\0\377t$\20V\350!"\0\0P\377\25\230\201@\0\213\360\211t$\30\351\21\1\0\0< u\6F\200> t\372\200>"\306D$\20 u\6F\306D$\20"\200>/\17\205\334\0\0\0F\212\6200>/\17\205\334\0\0\0F\212\616\212N\1\200\311 \200\371 u\3\203\317\2\201", ) == 0x0 00749 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " \200\371 u\3\203\317\4\201~\376 /D=\17\204\27\1\0\0\211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\350"u\1F\212\6\204\300\17\205\345\376\377\377W\350z\372\377\377\213\3303\355;\335\17\205\274\0\0\09-@dB\0\17\204\231\0\0\0\213|$\30UW\350\313 \0\0\213\360\353UU\350\262 \0\0\205\300\243\260\1B\0t\20ht\213@\0P\350\340"\0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276"\0\0\353\225\273 \213@\0\353\\273\20\213@\0\353U\201> _?=t\5N;\367s\363;\367\273\200\212@\0rd\306\6\0\203\306\4V\350\274$\0\0\205\300t/Vh\0\304B\0\350}"\0\0Vh\0\310B\0\350r"\0\03\333\203\15\214dB\0\377\350\301\34\0\0j\1\211D$\30\350\11#\0\0\350\355\374\377\377\377\25\220\202@\0\205\333\17\204\23\1\0\0h\20\0 \0S\350\267\37\0\0j\2\351\275\1\0\0\211l$\20\277\271\1B\0\276\270\1B\0\275\270\11B\0h\0\324B\0W\306\5\270\1B\0"\350\17"\0\0h\24\240@\0V", ) \211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\3500\0\205\300\243\260\1B\0\17\204\274\0\0\0;\375v\2\213\375OWVP\377\323\3775\260\1B\0\350\3%\0\0j\0\3775\260\1B\0\377\25\304\200@\0\213|$\34\306D$\20/\377t$\20V\350\6!\0\0\213\360\200> (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " \200\371 u\3\203\317\4\201~\376 /D=\17\204\27\1\0\0\211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\350"u\1F\212\6\204\300\17\205\345\376\377\377W\350z\372\377\377\213\3303\355;\335\17\205\274\0\0\09-@dB\0\17\204\231\0\0\0\213|$\30UW\350\313 \0\0\213\360\353UU\350\262 \0\0\205\300\243\260\1B\0t\20ht\213@\0P\350\340"\0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276"\0\0\353\225\273 \213@\0\353\\273\20\213@\0\353U\201> _?=t\5N;\367s\363;\367\273\200\212@\0rd\306\6\0\203\306\4V\350\274$\0\0\205\300t/Vh\0\304B\0\350}"\0\0Vh\0\310B\0\350r"\0\03\333\203\15\214dB\0\377\350\301\34\0\0j\1\211D$\30\350\11#\0\0\350\355\374\377\377\377\25\220\202@\0\205\333\17\204\23\1\0\0h\20\0 \0S\350\267\37\0\0j\2\351\275\1\0\0\211l$\20\277\271\1B\0\276\270\1B\0\275\270\11B\0h\0\324B\0W\306\5\270\1B\0"\350\17"\0\0h\24\240@\0V", ) \0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276 (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " \200\371 u\3\203\317\4\201~\376 /D=\17\204\27\1\0\0\211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\350"u\1F\212\6\204\300\17\205\345\376\377\377W\350z\372\377\377\213\3303\355;\335\17\205\274\0\0\09-@dB\0\17\204\231\0\0\0\213|$\30UW\350\313 \0\0\213\360\353UU\350\262 \0\0\205\300\243\260\1B\0t\20ht\213@\0P\350\340"\0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276"\0\0\353\225\273 \213@\0\353\\273\20\213@\0\353U\201> _?=t\5N;\367s\363;\367\273\200\212@\0rd\306\6\0\203\306\4V\350\274$\0\0\205\300t/Vh\0\304B\0\350}"\0\0Vh\0\310B\0\350r"\0\03\333\203\15\214dB\0\377\350\301\34\0\0j\1\211D$\30\350\11#\0\0\350\355\374\377\377\377\25\220\202@\0\205\333\17\204\23\1\0\0h\20\0 \0S\350\267\37\0\0j\2\351\275\1\0\0\211l$\20\277\271\1B\0\276\270\1B\0\275\270\11B\0h\0\324B\0W\306\5\270\1B\0"\350\17"\0\0h\24\240@\0V", ) \0\0Vh\0\310B\0\350r (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " \200\371 u\3\203\317\4\201~\376 /D=\17\204\27\1\0\0\211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\350"u\1F\212\6\204\300\17\205\345\376\377\377W\350z\372\377\377\213\3303\355;\335\17\205\274\0\0\09-@dB\0\17\204\231\0\0\0\213|$\30UW\350\313 \0\0\213\360\353UU\350\262 \0\0\205\300\243\260\1B\0t\20ht\213@\0P\350\340"\0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276"\0\0\353\225\273 \213@\0\353\\273\20\213@\0\353U\201> _?=t\5N;\367s\363;\367\273\200\212@\0rd\306\6\0\203\306\4V\350\274$\0\0\205\300t/Vh\0\304B\0\350}"\0\0Vh\0\310B\0\350r"\0\03\333\203\15\214dB\0\377\350\301\34\0\0j\1\211D$\30\350\11#\0\0\350\355\374\377\377\377\25\220\202@\0\205\333\17\204\23\1\0\0h\20\0 \0S\350\267\37\0\0j\2\351\275\1\0\0\211l$\20\277\271\1B\0\276\270\1B\0\275\270\11B\0h\0\324B\0W\306\5\270\1B\0"\350\17"\0\0h\24\240@\0V", ) \350\17 (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " \200\371 u\3\203\317\4\201~\376 /D=\17\204\27\1\0\0\211|$\34u\11\210L$\20\203\306\3\353\30\200\371 \17\204\261\0\0\0\204\311\17\204\251\0\0\0\306D$\20 \213\360\377t$\20V\350_!\0\0\205\300\17\204\316\0\0\0+\306@@U\213\370\350"u\1F\212\6\204\300\17\205\345\376\377\377W\350z\372\377\377\213\3303\355;\335\17\205\274\0\0\09-@dB\0\17\204\231\0\0\0\213|$\30UW\350\313 \0\0\213\360\353UU\350\262 \0\0\205\300\243\260\1B\0t\20ht\213@\0P\350\340"\0\0\241\260\1B\0j\0P\377\25\304\200@\0\353\237\306F\376\0\203\306\2Vh\0\304B\0\350\276"\0\0\353\225\273 \213@\0\353\\273\20\213@\0\353U\201> _?=t\5N;\367s\363;\367\273\200\212@\0rd\306\6\0\203\306\4V\350\274$\0\0\205\300t/Vh\0\304B\0\350}"\0\0Vh\0\310B\0\350r"\0\03\333\203\15\214dB\0\377\350\301\34\0\0j\1\211D$\30\350\11#\0\0\350\355\374\377\377\377\25\220\202@\0\205\333\17\204\23\1\0\0h\20\0 \0S\350\267\37\0\0j\2\351\275\1\0\0\211l$\20\277\271\1B\0\276\270\1B\0\275\270\11B\0h\0\324B\0W\306\5\270\1B\0"\350\17"\0\0h\24\240@\0V", ) , ) == 0x0 00750 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\205\333\17\204\247\0\0\0h\0\4\0\0U\3775\344cB\0\377\25\\201@\0h\25\240@\0\215\200\255\11B\0P\377\25\200\200@\0\205\300\17\204o\377\377\377j\0WU\377\25\320\200@\0\205\300tmj\0W\350\14%\0\0\200=\0\304B\0\0t\15h\0\304B\0U\350\236!\0\0\353\6U\350\240#\0\0h\14\213@\0V\377\25\244\200@\0\377t$\30V\377\25\244\200@\0h\4\213@\0V\377\25\244\200@\0UV\377\25\244\200@\0V\350\16#\0\0h\0\324B\0V\350^\36\0\0\205\300t\11P\377\25\204\200@\03\333\376\5\24\240@\0\377D$\20\203|$\20\32\17\214\27\377\377\377\351\332\376\377\377\203=tdB\0\0\17\204\235\0\0\0h\364\212@\0\377\25h\200@\0\213\3703\333;\373tv\2135,\201@\0h\340\212@\0W\377\326h\310\212@\0W\211D$ \377\326h\260\212@\0W\213\350\377\3269\$\30\213\360tJ;\353tF;\363tB\215D$\34Pj(\377\25\314\200@\0P\377T$$\205\300t,\215D$$Ph\234\212@\0S\377\325SSS\215D$,PS\377t$0\307D$8\1\0\0\0\307D$D\2\0\0\0\377\326Sj\2\377\25\224\201@\0\205\300u\7j\11\350U\325\377\377\241\214dB\0\203\370\377t\4\211D$\24\377t$\24\377\25\310\200@\0\314\203|$\4xu\6\377\5\264[B\0j\0\377t$\10h\10\4\0\0\3775\340cB\0\377\25x\202@\0\302\4\0\377t$\14j\0\350\370%\0\0P\213D$\14\5\350\3\0\0P\377t$\14\350\204\35\0\0\302\14\0\203=ldB\0\0\241\310\21B\0u\5\241\330)B\0j\1j\1h\364\0\0\0P\377", ) , ) == 0x0 00751 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\330)B\0\377\25P\202@\0\302\4\0j\1\377t$\10j(\3775\340cB\0\377\25x\202@\0\302\4\0\241\250[B\0\205\300t\17j\0j\0\377t$\14P\377\25x\202@\0\302\4\0U\213\354\203\354\14\5\315\376\377\377\203\370\5V\17\207\216\0\0\0j\353\377u\14\377\25\240\201@\0\213\360\205\366t}\366F\24\2\213\6W\213=\234\201@\0t\3P\377\327\366F\24\1t\12P\377u\10\377\25P\200@\0\377v\20\377u\10\377\25L\200@\0\366F\24\10\213F\4\211E\370t\6P\377\327\211E\370\366F\24\4_t\12P\377u\10\377\25T\200@\0\366F\24\20t!\213F\10\211E\364\213F\14\205\300t\7P\377\25@\200@\0\215E\364P\377\25D\200@\0\211F\14\213F\14\353\23\300^\311\302\10\0h\240\213@\0h\0\304B\0h\200WB\0\350\0\37\0\0P\350\243 \0\0P\377\25\244\200@\0\303\200=\0\320B\0\0SUVW\277\377\377\0\0\273\0\320B\0t\10S\350L\36\0\0\353\6\377\25\344\200@\03\311\2135$dB\0\205\366tI\213\15\350cB\0\213Id\213\321\17\257\316\367\332\3\15 dB\03\355\3\312f\213)f3\350N#\357f\205\355t\6\205\366u\352\353\33\213Q\2\211\25\274[B\0\213Q\6\211\25\210dB\0\215Q\12\211\25\310[B\0\203=\310[B\0\0u\22f\201\377\377\377u\7\277\377\3\0\0\353\2263\377\353\222\17\267\1PS\350\261\35\0\0j\376h\340[B\0\350\1$\0\0P\3775\324\21B\0\377\25\204\201@\0\241\14dB\0\205\300\2135\10dB\0t\33\213\370\213\6\205\300t\12P\215F\30P\350\323#\0\0\201\306\30\4\0\0Ou\347_^][\303U\213", ) , ) == 0x0 00752 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "u\34\377u\24h\373\3\0\0\350N\33\0\0\377u\24j\1hf\4\0\0\377u\10\377\326\203}\14\2u-\377u\24\377u\20\377\25x\201@\0\205\300t\16j\7\350\216\322\377\377\205\300u\3@\353\23\300Pj\0he\4\0\0\377u\10\377\3263\300^]\302\20\0U\213\354\377u\20\213E\10\213\15\270\15B\0\3\310Q\377u\14\377\25\324\200@\0\377u\14\350\210\35\0\0\213M\24\1\5\270\15B\0\211\13\300]\302\20\0U\213\354\203\354\14\201}\14\20\1\0\0SVW\17\205\12\1\0\0\213]\24\213{0\205\377}\21\213\15\310[B\0\215\4\275\4\0\0\0+\310\2139\241\30dB\0\377s4\3\370\17\276\7\203e\370\0\211E\24\213C\24\213\360\301\356\5\367\326j"\377u\10\13\360G\211}\364\307E\374XB@\0\203\346\1\350\277\374\377\377\377s8j#\377u\10\350\262\374\377\3773\300\205\366\17\224\300j\1\5\12\4\0\0P\377u\10\377\25\254\201@\0V\350\332\374\377\377h\350\3\0\0\377u\10\377\25@\202@\0\213\330S\350\327\374\377\377\2135x\202@\0j\0j\1h[\4\0\0S\377\326\241\350cB\0\213@h\205\300}\11\367\330P\377\25\234\201@\0Pj\0hC\4\0\0S\377\326h\0\0\1\4j\0hE\4\0\0S\377\326\203%\270\15B\0\0W\350\177\34\0\0Pj\0h5\4\0\0S\377\326\215E\364P\377u\24hI\4\0\0S\377\326\203%\344)B\0\03\300\351~\1\0\0\201}\14\21\1\0\0\213=@\202@\0\213\35x\202@\0uZ\213E\20\301\350\20f\205\300\17\205K\1\0\03\3009\5\344)B\0\17\205=\1\0\0\2135\334)B\0\203\306\24\366\6 \17\204+\1\0\0PPh\360", ) \377u\10\13\360G\211}\364\307E\374XB@\0\203\346\1\350\277\374\377\377\377s8j#\377u\10\350\262\374\377\3773\300\205\366\17\224\300j\1\5\12\4\0\0P\377u\10\377\25\254\201@\0V\350\332\374\377\377h\350\3\0\0\377u\10\377\25@\202@\0\213\330S\350\327\374\377\377\2135x\202@\0j\0j\1h[\4\0\0S\377\326\241\350cB\0\213@h\205\300}\11\367\330P\377\25\234\201@\0Pj\0hC\4\0\0S\377\326h\0\0\1\4j\0hE\4\0\0S\377\326\203%\270\15B\0\0W\350\177\34\0\0Pj\0h5\4\0\0S\377\326\215E\364P\377u\24hI\4\0\0S\377\326\203%\344)B\0\03\300\351~\1\0\0\201}\14\21\1\0\0\213=@\202@\0\213\35x\202@\0uZ\213E\20\301\350\20f\205\300\17\205K\1\0\03\3009\5\344)B\0\17\205=\1\0\0\2135\334)B\0\203\306\24\366\6 \17\204+\1\0\0PPh\360", ) == 0x0 00753 480 
NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\327P\377\323\213\16\203\340\1\203\341\376\13\310P\211\16\350\344\373\377\377\350\273\373\377\377\203}\14N\17\205\347\0\0\0h\350\3\0\0\377u\10\377\327\213M\24\201y\10\13\7\0\0\17\205\210\0\0\0\201y\14\1\2\0\0\2135\250\201@\0\213=\244\201@\0u^\213Q\30\211U\364\213Q\34\211U\370+U\364\307E\374\200OB\0\201\372\0\10\0\0s@\215M\364Qj\0hK\4\0\0P\377\323h\2\177\0\0j\0\377\327P\377\326j\1j\0j\0\377u\374h\254\213@\0\377u\10\377\25d\201@\0h\0\177\0\0j\0\377\327P\377\326\213M\24\203y\14 u\17h\211\177\0\0j\0\377\327P\377\326\213M\24\201y\10\0\7\0\0uN\201y\14\0\1\0\0uE\203y\20\15u\24j\0j\1h\21\1\0\0\3775\340cB\0\377\323\213M\24\203y\20\33u\16j\0j\0j\20\3775\340cB\0\377\3233\300@\353\36\201}\14\13\4\0\0u\6\377\5\344)B\0\213M\24\213E\14Q\377u\20\350\25\373\377\377_^[\311\302\20\0U\213\354\201}\14\20\1\0\0V\213u\24u&\377v0j\35\377u\10\350f\372\377\377\213F<\301\340\12\5\0pB\0Ph\350\3\0\0\377u\10\350\360\27\0\0\213E\14V\377u\20\350\314\372\377\377^]\302\20\0U\213\354\203\354@SVWj\24_\213\360\201\376\0\4\0\0j\334[s\63\377j\336\353\15\201\376\0\0\20\0s\6j\12_j\335[j\337\215E\340P\350\7 \0\0PS\215E\300P\350\374\37\0\0P\215\4\266j\12\321\340\213\317\323\350Y3\322\367\361\213\317\323\356RVh\264\213@\0\377u\14\276\330\31B\0V\350\322\37\0\0V\213\370\350\26\32\0\0\3\370W\377\250\202", ) , ) == 0x0 00754 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "[B\0\350O\27\0\0_^[\311\302\10\0\213\25\14dB\0\213\15\10dB\03\300\205\322t\30V\366A\10\1t\7\213t$\10\3\4\261\201\301\30\4\0\0Ju\352^\302\4\0U\213\354\203\354H\241\334)B\0SV\213p<\301\346\12\211E\340\213@8\201\306\0pB\0\201}\14\13\4\0\0W\211E\374\273\373\3\0\0u%VS\350\351\26\0\0V\350\217\31\0\0\350j\372\377\377h\360\3\0\0\377u\10\377\25\264\201@\0\243x?B\0\201}\14\20\1\0\0\17\205\206\0\0\0j\20\377\25\260\201@\0\204\344\213=@\202@\0y$h\360\3\0\0\377u\10\377\327j\340j\10\377u\10\211E\370\350\352\370\377\377j\10\377u\370\377\25(\202@\0V\350\13\27\0\0\205\300t\20V\350(\27\0\0\205\300u\6V\350\267\32\0\0VS\377u\10\350^\26\0\0\213E\24\377p4j\1\377u\10\350\253\370\377\377\213E\24\377p0j\24\377u\10\350\233\370\377\377S\377u\10\377\327P\350\350\370\377\377\201}\14\21\1\0\0\17\205\273\0\0\0\17\267E\20;\303u\30\213M\20\301\351\20f\201\371\0\3\17\205\1\2\0\0\307E\14\17\4\0\0=\351\3\0\0\17\205\220\0\0\0j\7Y\377u\3743\300\215}\274\363\253\213E\10\277\330\31B\0j\0\211E\270\211}\300\307E\314\362A@\0\211u\320\350.\36\0\0\211E\304\215E\270P\307E\310A\0\0\0\377\25h\201@\0\205\300tLP\350/\25\0\0\241\350cB\0\213\200\34\1\0\0\205\300t'Pj\0\350\371\35\0\0W\277\200OB\0W\377\25\200\200@\0\205\300t\16WV\350\320\31\0\0P\377\25\244\200@\0\377\5\304\15B\0VS\377u\10\350j\25\0\0\201}\14\17\4\0\0", ) , ) == 0x0 00755 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\1\0\0\203e\374\0\203e\370\0VS\203\317\377\350H\25\0\0V\350\22\32\0\0\205\300u\7\307E\374\1\0\0\0V\276\310\15B\0V\350\313\27\0\0V\350\325\25\0\0\205\300t\3\306\0\0h\324\213@\0\377\25h\200@\0\205\300\273\0\4\0\0t2h\300\213@\0P\377\25,\201@\0\205\300t"\215M\344Q\215M\354Q\215M\330QV\377\320\205\300t\17\213}\330\213E\334\17\254\307\12\301\350\12\353/\215E\334P\215E\364P\215E\350P\215E\360PV\377\25\350\200@\0\205\300t\33\213E\360\17\257E\350S\377u\364P\377\25$\201@\0\213\370\307E\370\1\0\0\0j\5\350M\375\377\377;\370s\7\307E\374\2\0\0\0\213\15\310[B\03\3669q\20t+j\373h\377\3\0\0\350\222\374\377\3779u\370t\14j\374S\213\307\350\203\374\377\377\353\16h\276\213@\0S\377u\10\350R\24\0\0\213E\374;\306\243\204dB\0u\12j\7\350\261\313\377\377\211E\374\213E\340\205X\24t\3\211u\3743\3009u\374\17\224\300P\350\306\366\377\3779u\374u\1595\304\15B\0u\5\350\220\366\377\377\2115\304\15B\0\377u\24\213E\14\377u\20\350\345\366\377\377_^[\311\302\20\0U\213\354\203\354\20\377\25\274\201@\0\17\277\310\301\350\20\17\277\300\211E\364\215E\360P\377u\10\211M\360\377\25\270\201@\0\215E\360Pj\0h\21\21\0\0\377u\10\377\25x\202@\0\212E\370$f\366\330\33\300#E\374\311\302\4\0U\213\354\203\354(\201}\14\2\1\0\0VWu\33\203}\20 \17\205\255\0\0\0h\23\4\0\0\350R\366\377\3773\300\351\265\0\0\0\203\317\377\203}\14\2u\6\211=<\240@\0\201}\14\0\2\0\0\276\31\4\0\0", ) 
\215M\344Q\215M\354Q\215M\330QV\377\320\205\300t\17\213}\330\213E\334\17\254\307\12\301\350\12\353/\215E\334P\215E\364P\215E\350P\215E\360PV\377\25\350\200@\0\205\300t\33\213E\360\17\257E\350S\377u\364P\377\25$\201@\0\213\370\307E\370\1\0\0\0j\5\350M\375\377\377;\370s\7\307E\374\2\0\0\0\213\15\310[B\03\3669q\20t+j\373h\377\3\0\0\350\222\374\377\3779u\370t\14j\374S\213\307\350\203\374\377\377\353\16h\276\213@\0S\377u\10\350R\24\0\0\213E\374;\306\243\204dB\0u\12j\7\350\261\313\377\377\211E\374\213E\340\205X\24t\3\211u\3743\3009u\374\17\224\300P\350\306\366\377\3779u\374u\1595\304\15B\0u\5\350\220\366\377\377\2115\304\15B\0\377u\24\213E\14\377u\20\350\345\366\377\377_^[\311\302\20\0U\213\354\203\354\20\377\25\274\201@\0\17\277\310\301\350\20\17\277\300\211E\364\215E\360P\377u\10\211M\360\377\25\270\201@\0\215E\360Pj\0h\21\21\0\0\377u\10\377\25x\202@\0\212E\370$f\366\330\33\300#E\374\311\302\4\0U\213\354\203\354(\201}\14\2\1\0\0VWu\33\203}\20 \17\205\255\0\0\0h\23\4\0\0\350R\366\377\3773\300\351\265\0\0\0\203\317\377\203}\14\2u\6\211=<\240@\0\201}\14\0\2\0\0\276\31\4\0\0", ) == 0x0 00756 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\300tr\377u\10\350V\377\377\377\205\300\211E\334t\36\215E\330Pj\0h\14\21\0\0\377u\10\307E\330\4\0\0\0\377\25x\202@\0\213}\374\211u\14\353\3\213}\249u\14u;9=<\240@\0t3S\276\0pB\0V\273\330\31B\0S\211=<\240@\0\350\240\25\0\0WV\350\367\24\0\0j\6\350^\312\377\377SV\350\213\25\0\0[\353\3\213}\24W\377u\20\377u\14\377u\10\3775\300\15B\0\377\25\300\201@\0_^\311\302\20\0U\213\354\203\354TSV\2135@\202@\0Wh\371\3\0\0\377u\10\377\326h\10\4\0\0\377u\10\211E\370\377\326\2135x\202@\0\211E\374\241\10dB\0\211E\350\241\350cB\0\5\224\0\0\03\333\201}\14\20\1\0\0j\20\211E\344_\17\205\32\2\0\0\213E\10\243LdB\0\241\14dB\0\301\340\2P\211]\340\307E\354\2\0\0\0\350\261\22\0\0jn\3775\344cB\0\243\320\21B\0\377\25\310\201@\0h\255I@\0j\374\377u\374\211E\360\377\25D\202@\0Sj\6j!WW\243\300\15B\0\377\254\200@\0h\377\0\377\0\377u\360\243\314\21B\0P\377\25,\200@\0\3775\314\21B\0j\2h\11\21\0\0\377u\374\377\326SSh\34\21\0\0\377u\374\377\326;\307}\14SWh\33\21\0\0\377u\374\377\326\377u\360\377\25@\200@\03\377\213E\344\213\4\270;\303t'\203\377 t\3\211]\354PS\350\17\32\0\0PShC\1\0\0\377u\370\377\326WPhQ\1\0\0\377u\370\377\326G\203\377!|\311\213E\354\213}\24\377t\2070j\25\377u\10\350\332\363\377\377\213E\354\377t\2074j\26\377u\10\350\311\363\377\3773\3779\35\14dB\0\211", ) , ) == 0x0 00757 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\300\10\211E\360\273\0\21\0\0\213U\360\215B\20\2008\0\17\204\204\0\0\0\213M\364\211E\304\213\2j \211M\254Y\213\320#\321\250\2\307E\260\2\0\377\377\307E\264\15\0\0\0\211M\300\211}\330\211U\274t&\215E\254Pj\0S\377u\374\307E\264M\0\0\0\307E\324\1\0\0\0\377\326\211E\364\307E\340\1\0\0\0\353(\213E\360\366\0\4t\24\377u\364j\3h\12\21\0\0\377u\374\377\326\211E\364\353\25\215E\254Pj\0S\377u\374\377\326\213\15\320\21B\0\211\4\271\201E\360\30\4\0\0G;=\14dB\0\17\214Y\377\377\3773\3339]\340u\32j\360\377u\374\377\25\240\201@\0\203\340\373Pj\360\377u\374\377\25D\202@\0Sj\6h\25\1\0\0\377u\374\377\3269]\354u\30j\5\377u\370\377\25(\202@\0\377u\370\350\26\363\377\377\351\216\3\0\0\377u\374\350\11\363\377\377\201}\14\5\4\0\0u\223\377G\211]\20\211}\24\307E\14\17\4\0\0\353\3\213}\24\203}\14N\270\23\4\0\0t\119E\14\17\205\376\0\0\09E\14t\15\201\177\4\10\4\0\0\17\205\354\0\0\0\366\5EdB\0\2\17\205\235\0\0\09E\14t\24\203\177\10\376\17\205\216\0\0\0\377u\374\350\365\373\377\377\353\15Sj\11h\12\21\0\0\377u\374\377\326;\303\211E\274tp\215E\270PSh\14\21\0\0\377u\374\307E\270\4\0\0\0\377\326\205\300tV\213E\334\213M\350i\300\30\4\0\0\215L\10\10\213\1\250\20u@\250@t\235\200\0\0\0\204\300y\5\203\310\1\353\10\203\340\376\353\3\203\360\1\211\1\377u\334\350\247\303\377\377\241DdB\03\311\301\350\10A\367\320#\301\211M\20\211E\24\307E\14\17\4\0\0;\373", ) , ) == 0x0 00758 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "w\Sh\31\4\0\0\377u\374\377\326\201\177\10j\376\377\377u\36\213G\\213M\350i\300\30\4\0\0\203\177\14\2\215D\10\10u\5\203\10 \353\3\203 \337\201}\14\21\1\0\0urf\201}\20\371\3\17\205A\2\0\0\213E\20\301\350\20f=\1\0\17\2051\2\0\0SShG\1\0\0\377u\370\377\326\203\370\377\17\204\34\2\0\0SPhP\1\0\0\377u\370\377\326\213\370\203\377\377t\10\213E\3449\34\270u\3j _W\350\26\304\377\377WSh \4\0\0\377u\10\377\326\307E\20\1\0\0\0\211]\24\307E\14\17\4\0\0\201}\14\0\2\0\0u\14SSh\0\2\0\0\377u\374\377\326\201}\14\13\4\0\0u2\241\314\21B\0;\303t\7P\377\250\200@\0\241\320\21B\0;\303t\7P\377\25<\201@\0\211\35\314\21B\0\211\35\320\21B\0\211\35LdB\0\201}\14\17\4\0\0\17\205@\1\0\0\350\215\303\377\3779]\20t\7j\10\350\254\305\377\3779]\24t?\3775\320\21B\0\350\306\303\377\377\213\370W\350s\303\377\3773\3003\311;\373~\16\213U\3449\34\202t\1A@;\307|\362SQhN\1\0\0\377u\370\377\326\211}\24\307E\14 \4\0\0\3508\303\377\3779\35\14dB\0\241\320\21B\0\213=\10dB\0\211E\340\307E\3040\360\0\0\211]\354\17\216\245\0\0\0\203\307\10\213E\340\213M\354\213\4\210;\303t}\213\27j\10\211E\274X\213\312#\310\211U\350\203e\350 \321\341\13M\350\366\306\1\211E\270\211M\300t\24\215G\20\307E\270\11\0\0\0\211E\310\200g\1\376\213M\300\366\302@t\5j\3X\353\16\213\302\203\340\1@\366\302\20t\3\203\300\3\377u\274\301\340\14\13\3103\3009", ) , ) == 0x0 00759 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\21\0\0\377u\374\377\326\215E\270PSh\15\21\0\0\377u\374\377\326\377E\354\213E\354\201\307\30\4\0\0;\5\14dB\0\17\214^\377\377\377\241\310[B\09X\20t\23j\5\350\317\365\377\377j\373h\377\3\0\0\350,\365\377\377\201}\14 \4\0\0u5\366\5EdB\0\1t,\2135(\202@\03\300\203}\24 \17\224\300\301\340\3\213\370W\377u\374\377\326Wh\376\3\0\0\377u\10\377\25@\202@\0P\377\326\377u\24\213E\14\377u\20\350\247\357\377\377_^[\311\302\20\0U\213\354\203\3540\241\254[B\0W3\377;\307\211E\370\17\204\272\0\0\0S\213\35@\240@\0\211]\374\203e\374\1V\276\330\21B\0u\11\377u\10V\350\340\24\0\0V\350&\17\0\09}\14\211E\10t\34\377u\14\350\26\17\0\0\3E\10=\0\10\0\0sy\377u\14V\377\25\244\200@\0\366\303\4t\15V\3775\270[B\0\377\25\204\201@\0\366\303\2tIWWh\4\20\0\0\377u\370\211u\344\2135x\202@\0\307E\320\1\0\0\0\377\326+E\374\367\323\211E\324\215E\320PW\203\343\1\201\313\6\20\0\0S\377u\370\211}\330\377\326W\377u\324h\23\20\0\0\377u\370\377\3269}\374t\12\213E\10\306\200\330\21B\0\0^[_\311\302\10\0V\2135\10dB\0W\213=\14dB\0j\0\377\25\224\202@\0\11\5\220dB\0\205\377tQ\203\306\30O\366F\360\1u\30\366\5EdB\0\4u\17Vh\364\213@\0\350\227\17\0\0YY\353\35Vh\344\213@\0\350\210\17\0\0YY\377t$\14\377v\364\350\25\302\377\377\205\300u\14\201\306\30\4\0\0\205\377u\272\353\6\377\5ldB\0h\4\4\0\0\3502\356\377\377\377\25", ) , ) == 0x0 00760 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\4\0U\213\354\203\354, ) , ) == 0x0 00761 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "}\20\3\4u5S\3775\300[B\0\377\327j\10V\377\327\350\275\353\377\377\201}\14\4\4\0\0uU9\35\264[B\0t&jx\307\5\340)B\0\2\0\0\0\350R\353\377\377\377u\24\213E\14\377u\20\350\366\353\377\377_^[\311\302\20\0j\10\3775\340cB\0\377\3279\35ldB\0u\16\241\334)B\0S\377p4\350/\374\377\377j\1\350\26\353\377\377\203}\14{u\2769u\20u\271SSh\4\20\0\0V\377\25x\202@\0;\303\211E\10\17\216\365\0\0\0\377\25\350\201@\0j\341S\213\370\350\14\21\0\0Pj\1SW\377\25\344\201@\0\213E\24\203\370\377u\23\215E\354PV\377\25\340\201@\0\213M\354\213E\360\353\11\17\277\310\301\350\20\17\277\300SVSPQh\200\1\0\0W\377\25\334\201@\03\377G;\307\17\205\232\0\0\0\213u\10\211]\314\307E\330\330\31B\0\307E\334\377\17\0\0\215E\304PNVh-\20\0\0\377u\374\377\25x\202@\0;\363\215|\7\2u\344S\377\25\330\201@\0\377\25\324\201@\0WjB\377\25\364\200@\0P\211E\14\377\25\360\200@\0\213\360\215E\304PSh-\20\0\0\377u\374\211u\330\211}\334\377\25x\202@\0V\350\234\12\0\0\3\360f\307\6\15\12FFC;]\10|\322\377u\14\377\25\354\200@\0\377u\14j\1\377\25\320\201@\0\377\25\314\201@\03\300\351\262\376\377\377\203\354\20SU\213l$ \271\20\1\0\0;\351VW\17\204t\1\0\0\201\375\10\4\0\0\17\204h\1\0\0\203\375G\213\$$u\25j\233\300PPPPS\3775\324\21B\0\377\25\374\201@\0\203\375\5u\30\213D$,H\367\330\33\300#\305P\3775\324\21B\0\377\25(\202", ) , ) == 0x0 00762 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\250[B\0\377\25\214\201@\0\213D$,\243\250[B\0\351\21\4\0\0\203\375\21u\23j\0j\0S\377\25D\202@\03\300@\351 \4\0\0\203\375\20u3\241\4dB\0H9\5$\240@\0\17\205\310\0\0\0\3775\310\21B\0\377\25\370\201@\0\205\300\17\205\264\0\0\0\275\21\1\0\0\307D$,\1\0\0\0\201\375\21\1\0\0\17\205\233\0\0\0\17\267t$,VS\377\25@\202@\0\213\35x\202@\0\213\370\205\377t\33j\0j\0h\363\0\0\0W\377\323W\377\25\370\201@\0\205\300\17\204\246\3\0\03\377G;\367u\3W\353A\203\376\3u\15\203=$\240@\0\0~:j\377\353/\203\376\2u1\203=ldB\0\0t\16V\350\361\275\377\377\2115\340)B\0\353\21j\3\350\342\275\377\377\205\300u$\211=\340)B\0jx\350\225\350\377\377\353\25\377t$0\377t$0h\21\1\0\0\3775\250[B\0\377\323\377t$0\213\305\377t$0\350!\351\377\377\351-\3\0\0;\351\213D$,\213\$$\243\274\15B\0uM\2135@\202@\0j\1S\211\35\340cB\0\377\326j\2S\243\330)B\0\377\326j\377j\34S\243\310\21B\0\350V\350\377\377\3775\260[B\0j\362S\377\25\364\201@\0j\4\350U\275\377\377\243\264[B\03\300@\243\274\15B\0\213\15$\240@\0\213\361\301\346\6\35\0dB\03\377;\317|>\203\370\1u1W\377v\20\350A\274\377\377\205\300t$j\1Wh\17\4\0\0\3775\250[B\0\377\25x\202@\03\3009=\264[B\0\17\224\300\351\202\2\0\09>\17\204x\2\0\0h\13\4\0\0\350D\350\377\377\241\274\15B\0\1\5$\240@\0\301\340\6\3\360\241$\240@", ) , ) == 0x0 00763 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\305\274\377\377\203=\264[B\0\0\17\205\370\1\0\0\241\4dB\09\5$\240@\0\17\203\347\1\0\0\377v$\213~\24h\0\340B\0\350\205\15\0\0\377v h\31\374\377\377S\350t\347\377\377\377v\34h\33\374\377\377S\350f\347\377\377\377v(h\32\374\377\377S\350X\347\377\377j\3S\377\25@\202@\0\203=ldB\0\0\213\350t\11\201\347\375\376\377\377\203\317\4\213\307\203\340\10PU\377\25(\202@\0\213\307%\0\1\0\0PU\377\25P\202@\0\213\307\203\340\2P\350Z\347\377\377\203\347\4W\3775\310\21B\0\377\25P\202@\0j\13\377Wh\364\0\0\0U\213-x\202@\0\377\3259=ldB\0t\23Wj\2h\1\4\0\0S\377\325\3775\310\21B\0\353\6\3775\330)B\0\350$\347\377\377h\340[B\0\275\330\31B\0U\350\4\7\0\0\377v\30U\350\1\7\0\0\3\305P\350\255\14\0\0US\377\25\204\201@\0W\377v\10\350\314\272\377\377\205\300\17\205\275\376\377\3779\6\17\204\265\376\377\377\203~\4\5u\359\5ldB\0\17\205\21\1\0\09\5`dB\0\17\205\227\376\377\377\351\0\1\0\0\3775\250[B\0\377\25\214\201@\0\203>\0\2115\334)B\0\17\216\300\0\0\0\213F\4V\3774\205(\240@\0f\213\6f\3\5\274[B\0S\17\267\300P\3775\344cB\0\377\25\220\201@\0\205\300\243\250[B\0\17\204\215\0\0\0\377v,j\6P\350\15\346\377\377\215D$\20Ph\372\3\0\0S\377\25@\202@\0P\377\25\340\201@\0\215D$\20PS\377\25\270\201@\0j\253\377WW\377t$ \377t$ W\3775\250[B\0\377\25\374\201@\0W\377v\14\350\370\271\377\377j\10\3775\250", ) , ) == 0x0 00764 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\0\350\35\346\377\377\353 \3775\250[B\0\377\25\214\201@\0\3775\340)B\0\203%\340cB\0\0S\377\25\360\201@\0\203=\350)B\0\0u\34\203=\250[B\0\0t\23j\12S\377\25(\202@\0\307\5\350)B\0\1\0\0\03\300_^][\203\304\20\302\20\0\241DdB\0\203\354\24SUV\2135\350cB\0\203\340 W\243`dB\0\350\222\346\377\377\275\0\304B\0U\350\251\7\0\03\333\205\300\17\205\200\0\0\0\213NH;\313ty\241\30dB\0\213VL\277\200OB\0W\3\320R\3\310Q\377vD\350@\4\0\0\240\200OB\0:\303tT<"u\17j"\277\201OB\0W\350\377\2\0\0\210\30W\3500\5\0\0\215D8\374;\307v&h(\214@\0P\377\25\200\200@\0\205\300u\26W\377\25\214\200@\0\203\370\377t\4\250\20u\6W\350\6\7\0\0W\350\237\6\0\0PU\350\357\4\0\0U\350\31\7\0\0\205\300u\14\377\266\30\1\0\0U\350\223\12\0\03\355E\366\5DdB\0\20t\239\35@dB\0u\13\350\254\345\377\377\211-x?B\0h@\200\0\0SSUjg\3775\344cB\0\377\25H\202@\0\243\260[B\0\203~P\377\277\200[B\0\17\204\211\0\0\0\213\15\344cB\0\243\224[B\0\215D$\20W\307D$\24_Nb\0\307\5\204[B\0\0\20@\0\211\15\220[B\0\243\244[B\0\377\25\20\202@\0f\205\300\17\204#\1\0\0S\215D$\30PSj0\377\25\14\202@\0\213D$ +D$\30S\3775\344cB\0SSP\213D$0+D$(P\377t$0\215D$,\377t$0h\0\0\0\200SPh\200\0\0\0\377\25\10\202@\0\243\324\21", ) u\17j (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\0\350\35\346\377\377\353 \3775\250[B\0\377\25\214\201@\0\3775\340)B\0\203%\340cB\0\0S\377\25\360\201@\0\203=\350)B\0\0u\34\203=\250[B\0\0t\23j\12S\377\25(\202@\0\307\5\350)B\0\1\0\0\03\300_^][\203\304\20\302\20\0\241DdB\0\203\354\24SUV\2135\350cB\0\203\340 W\243`dB\0\350\222\346\377\377\275\0\304B\0U\350\251\7\0\03\333\205\300\17\205\200\0\0\0\213NH;\313ty\241\30dB\0\213VL\277\200OB\0W\3\320R\3\310Q\377vD\350@\4\0\0\240\200OB\0:\303tT<"u\17j"\277\201OB\0W\350\377\2\0\0\210\30W\3500\5\0\0\215D8\374;\307v&h(\214@\0P\377\25\200\200@\0\205\300u\26W\377\25\214\200@\0\203\370\377t\4\250\20u\6W\350\6\7\0\0W\350\237\6\0\0PU\350\357\4\0\0U\350\31\7\0\0\205\300u\14\377\266\30\1\0\0U\350\223\12\0\03\355E\366\5DdB\0\20t\239\35@dB\0u\13\350\254\345\377\377\211-x?B\0h@\200\0\0SSUjg\3775\344cB\0\377\25H\202@\0\243\260[B\0\203~P\377\277\200[B\0\17\204\211\0\0\0\213\15\344cB\0\243\224[B\0\215D$\20W\307D$\24_Nb\0\307\5\204[B\0\0\20@\0\211\15\220[B\0\243\244[B\0\377\25\20\202@\0f\205\300\17\204#\1\0\0S\215D$\30PSj0\377\25\14\202@\0\213D$ +D$\30S\3775\344cB\0SSP\213D$0+D$(P\377t$0\215D$,\377t$0h\0\0\0\200SPh\200\0\0\0\377\25\10\202@\0\243\324\21", ) , ) == 0x0 00765 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "j\2X\351\306\0\0\0\350\376\344\377\3779\35\200dB\0\17\205\213\0\0\0j\5\3775\324\21B\0\377\25(\202@\0\2135\300\200@\0\275P\240@\0U\377\326\205\300u\14Uf\307\5V\240@\032\377\326\213-\4\202@\0W\276D\240@\0VS\377\325\205\300u\37WVS\210\35L\240@\0\377\325W\2115\244[B\0\306\5L\240@\02\377\25\20\202@\0\241\274[B\0Sh\227U@\0\203\300i\17\267\300SP\3775\344cB\0\377\25\0\202@\0j\5\213\360\350)\270\377\377\213\306\353*S\350\315\364\377\377\205\300t\309\35\264[B\0\17\205F\377\377\377j\2\350\10\270\377\377\351:\377\377\377U\350\375\267\377\3773\300_^][\203\304\24\303U\213\354Q\215E\374P\377\25l\201@\0\213E\374\205\300t\22\377u\10\213\10P\377Q\24\213E\374\213\10P\377Q\10\311\302\4\0U\213\354\203\354\20\377u\14\307\5\3601B\0D\0\0\0\377\25\214\200@\03\311\203\370\377t\4\250\20u\3\211M\14\215E\360Ph\3601B\0\377u\14QQQQQ\377u\10Q\377\25\374\200@\0\205\300t\14\377u\364\377\25\204\200@\0\213E\360\311\302\10\0\377%\24\202@\0h\0\4\0\0\377t$\14\377t$\14\3775\250[B\0\377\25\30\202@\0\302\10\0\213D$\10\213\310\201\341\377\377\37\0\203=\200dB\0\0t\5\301\350\25u%\203=\210dB\0\0t\6\201\361\0\0\30\0Qh\340[B\0\377t$\14\3775\340cB\0\377\25\34\202@\0\302\10\0\377t$\4j@\377\25\364\200@\0\302\4\0\213D$\4\353\15:L$\10t\15P\377\25\230\201@\0\212\10\204\311u\355\302\10\0\213L$\4\212\1\14 f\2019\\t", ) , ) == 0x0 00766 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, ":t\43\300\353\33\300@\302\4\0SV\2135\230\201@\0W\213|$\20W\377\326\213\330S\377\326\200?\0t\14f\201;:\u\5P\377\326\353!f\201?\\u\30j\2^j\PN\350\204\377\377\377\2008\0t\7@\205\366u\355\353\23\300_^[\302\4\0\213L$\4V\213t$\20\205\366~\17\213D$\14+\301\212\24\10\210\21ANu\367^\302\14\0\377t$\4\377\25\214\200@\0\213\310Aj\0\367\331\33\311#\310Q\377t$\24j\0j\1\377t$\34\377t$\34\377\25\270\200@\0\302\14\0U\213\354V\213u\10Wjd_O\307E\10nsa\0\377\25\264\200@\0j\32Y3\322\367\361Vj\0\215E\10P\377u\14\0U\12\377\25\0\201@\0\205\300u\15\205\377u\320\306\6\0_^]\302\10\0\213\306\353\366U\213\354SV\213u\24\215E\14Ph\31\0\2\03\333S\377u\14\210\36\377u\10\377\25\10\200@\0\205\300u>\215E\10PV\215E\24PS\377u\20\307E\10\0\4\0\0\377u\14\377\25\34\200@\0\205\300u\14\203}\24\1t\10\203}\24\2t\2\210\36\377u\14\210\236\377\3\0\0\377\25 \200@\0^[]\302\20\0\377t$\10h0\214@\0\377t$\14\377\250\202@\0\203\304\14\302\10\0U\213\354Q\213M\10SVW3\377\2009-\307E\374\1\0\0\0\260\12\2639u\5A\203M\374\377\20090u\34A\212\21\200\3720|\11\200\3727\177\4\260\10\2637\200\342\337\200\372Xu\3\260\20A\17\276\21A\203\3720|\14\17\276\363;\326\177\5\203\3520\353\31<\20u!\213\362\203\346\337\203\376A|\27\203\376F\177\22\203\342\7\203\302\11\17\276\360\17\257\367\3\362\213\376\353\306\213E\374\17", ) , ) == 0x0 00767 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\201@\0\377%\10\201@\0SU\213-\230\201@\0V\213t$\20W\353\5V\377\325\213\360\200> t\366\200>\u\25\200~\1\u\17\200~\2?u\11\200~\3\u\3\203\306\4\200>\0t\14V\350\236\375\377\377\205\300t\2FF\213\336\213\3763\300\353+<\37v"Ph4\214@\0\350e\375\377\377\2008\0u\22V\377\325+\306PVW\350\343\375\377\377W\377\325\213\370V\377\325\213\360\212\6\204\300u\317\210\7WS\377\25,\202@\0\213\370\212\7< t\4<\u\7;\337\306\7\0r\345_^]\213\303[\302\4\0U\213\354S3\3339]\10t\32\241`\240@\0\203\370\377t\7P\377\25\204\200@\0\203\15`\240@\0\377\353u9\35x?B\0tm8\35\200WB\0t/\203=`\240@\0\377u/j\4h\0\0\0@h\200WB\0\350~\375\377\377\203\370\377\243`\240@\0tAj\2SSP\377\25L\201@\0\203=`\240@\0\377t-Vh@\214@\0\276\200?B\0V\377\25\244\200@\0S\215E\10PV\377\25\10\201@\0PV\3775`\240@\0\377\25D\201@\0^[]\302\4\0\215D$\10P\377t$\10h\200?B\0\377\25 \202@\0j\0\350F\377\377\377\303SV\2135l\200@\0Wh\1\200\0\0\377\326\2778:B\0W\377t$\24\377\25X\201@\0j\0\213\330\377\326\203\373\377t\13S\377\25P\201@\0\213\307\353\23\300_^[\302\4\0V\213t$\10V\377\25\10\201@\0\3\306PV\377\25,\202@\0\2008\t\14hX\205@\0V\377\25\244\200@\0\213\306^\302\4\0VW\213|$\14W\377\25\10\201@\0\2135,\202@\0\3\307PW\377\326\205\377t\22;\307v\16", ) Ph4\214@\0\350e\375\377\377\2008\0u\22V\377\325+\306PVW\350\343\375\377\377W\377\325\213\370V\377\325\213\360\212\6\204\300u\317\210\7WS\377\25,\202@\0\213\370\212\7< t\4<\u\7;\337\306\7\0r\345_^]\213\303[\302\4\0U\213\354S3\3339]\10t\32\241`\240@\0\203\370\377t\7P\377\25\204\200@\0\203\15`\240@\0\377\353u9\35x?B\0tm8\35\200WB\0t/\203=`\240@\0\377u/j\4h\0\0\0@h\200WB\0\350~\375\377\377\203\370\377\243`\240@\0tAj\2SSP\377\25L\201@\0\203=`\240@\0\377t-Vh@\214@\0\276\200?B\0V\377\25\244\200@\0S\215E\10PV\377\25\10\201@\0PV\3775`\240@\0\377\25D\201@\0^[]\302\4\0\215D$\10P\377t$\10h\200?B\0\377\25 
\202@\0j\0\350F\377\377\377\303SV\2135l\200@\0Wh\1\200\0\0\377\326\2778:B\0W\377t$\24\377\25X\201@\0j\0\213\330\377\326\203\373\377t\13S\377\25P\201@\0\213\307\353\23\300_^[\302\4\0V\213t$\10V\377\25\10\201@\0\3\306PV\377\25,\202@\0\2008\t\14hX\205@\0V\377\25\244\200@\0\213\306^\302\4\0VW\213|$\14W\377\25\10\201@\0\2135,\202@\0\3\307PW\377\326\205\377t\22;\307v\16", ) == 0x0 00768 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\353\356_^\302\10\0V\213t$\10V\377\25\10\201@\0\3\306\2008\t\14PV\377\25,\202@\0;\306w\357\306\0\0^\302\4\0V\377t$\10\27682B\0V\377\25\4\201@\0V\350\311\373\377\377\205\300u\43\300\353W\366\5DdB\0\200t\13\212\10\204\311t\355\200\371\t\350S\213\35\10\201@\0W\213\370+\376\353\25V\350\364\376\377\377\205\300t\5\366\0\20t*V\350\204\377\377\377V\377\323;\307\177\344V\350\26\377\377\377V\377\25\214\200@\03\311\203\370\377\17\225\301\213\301_[^\302\4\03\300\353\366U\213\354QSVW\377u\14\213=\10\201@\0\377\327\213u\10\211E\374\353'\213E\374\377u\14\212\340V\306\40\0\377\25\200\200@\0\205\300\213E\374\210\340t\32V\377\25\230\201@\0\213\360V\377\327;E\374}\3213\300_^[\311\302\10\0\213\306\353\365UVW\213|$\20W\350\377\372\377\377\213\3603\355\205\366t4Sj\V\350\253\372\377\377\213\360\212\36W\306\6\0\350<\376\377\377\205\300u\14PW\377\25\304\200@\0\205\300\353\3\366\0\20u\1E\210\36F\204\333u\316[_3\300\205\355^\17\224\300]\302\4\0\203\354\20SUVWh\324\213@\0\377\25h\200@\0\205\300\213t$(t!hp\214@\0P\377\25,\201@\0\205\300t\21j\5V\377t$,\377\320\205\300\17\205\25\2\0\0\205\366\213-\230\200@\0\307\586B\0NUL\0\277\0\4\0\0t,j\1j\0V\350\305\372\377\377P\377\25\204\200@\0W\27386B\0SV\377\325\205\300\17\204\337\1\0\0;\307~\26\351\326\1\0\0hl\214@\0\27386B\0S\377\25\4\201@\0W\276\360-B\0V\377t$,\377", ) , ) == 0x0 00769 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\307\17\217\246\1\0\0VShd\214@\0h\360)B\0\377\250\202@\0\203\304\20h\360\3\0\0V\213\330\377\25\334\200@\0hT\214@\0V\377\25\244\200@\0Uh\200\0\0\10j\4UUh\0\0\0\300V\377\25\270\200@\0\213\370\203\377\377\211|$\20\17\204L\1\0\0UW\377\25\274\200@\0\213\3603\311Q\215,\36\215E\12PQj\4QW\211l$4\211D$,\377\25\30\201@\03\311;\301\211D$(\17\204\377\0\0\0QQQj\2P\377\25\24\201@\0\213\370\205\377\17\204\331\0\0\0hH\214@\0W\350\372\375\377\377\205\300u(hH\214@\0\215\47P\377\25\4\201@\0S\203\306\12h\360)B\0\215\47P\350\204\371\377\377\3\363\351\233\0\0\0hD\214@\0\203\300\12P\350\300\375\377\377\205\300tx\377t$\24@j@\211D$ \211D$,\377\25\364\200@\0\213\350\205\355tBh\360)B\0U\377\25\4\201@\0\215\147\213t$\30\3\335+\336\213D$$;\301s\14\212\20\210\24\3@\211D$$\353\354+\306PUV\350\33\371\377\377\213t$\34U\377\25<\201@\0\353,W\377\25\20\201@\0\377t$(\2135\204\200@\0\377\326\377t$\20\377\326\353FSh\360)B\0\215\47P\350\344\370\377\377\213\365W\377\25\20\201@\0\377t$(\377\25\204\200@\0\213|$\203\311QQVW\377\25L\201@\0W\377\25\14\201@\0W\377\25\204\200@\0\377\5pdB\0_^][\203\304\20\302\10\0\203\354\24U\213l$ \205\355V}\21\213\15\310[B\0\215\4\255\4\0\0\0+\310\213)\241\30dB\0\213L$ \3\350\270\200OB\0+\310\201\371\0\10\0\0\213\360s\11\213t$", ) , ) == 0x0 00770 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\204\277\1\0\0SW\213\316+\310\201\371\0\4\0\0\17\215\253\1\0\0E\200\372\374\17\206\203\1\0\0\17\276E\1\17\276M\0\213\370\203\347\177\213\331\203\343\177\301\347\7\13\373\273\0\200\0\0\211L$\24\13\313\211D$\34\13\303EE\200\372\376\211L$\30\211D$ \17\205\362\0\0\03\377\203|$\34\4\211|$,\306\6\0u\13j\2\307D$0\334\214@\0_\213\$\24\203\373+u\25Vh\314\214@\0h\240\214@\0h\2\0\0\200\350\\370\377\377\203\373&u&Vh\220\214@\0h\240\214@\0h\2\0\0\200\350B\370\377\377\200>\0u}h|\214@\0V\377\25\4\201@\0\203\373%u\14h\0\4\0\0V\377\25\34\201@\0\203\373$u\14h\0\4\0\0V\377\25\334\200@\0\200>\0uJ\203=ddB\0\0j\4_u\5j\2_\3539\215D$\20P\377t\274\24O\3775\340cB\0\377\25p\201@\0\205\300u\34V\377t$\24\377\25x\201@\0\377t$\20\213\330\350\256\365\377\377\205\333u\11\353\3\306\6\0\205\377u\303\200>\0tF\203|$,\0t?\377t$,V\377\25\244\200@\0\3532\200\372\375u>\203\377\33u\16\3775\340cB\0V\350\367\367\377\377\353\22\213\307\301\340\12\5\0pB\0PV\377\25\4\201@\0\203\307\353\203\377\6s\6V\350\203\370\377\377V\377\25\10\201@\0\3\360\353!\200\372\377u\34\203\310\377+\307PV\350\25\376\377\377\353\342u\11\212E\0\210\6FE\353\3\210\26F\212U\0\204\322\270\200OB\0\17\205E\376\377\377_[\203|$ \0\306\6\0^]t\20h\0\4\0\0P\377t$ \377\25\324\200@\0\203\304\24\302\10\0U\213\354\201\354D\1\0\0S\213]\10S", ) , ) == 0x0 00771 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "E\374t\27S\377\25(\201@\0\367\330\33\300@\1\5hdB\0\351\273\1\0\0\211M\10\203e\10\1Vt\21\205\300\17\204\250\1\0\0\366\301\2\17\2046\1\0\0WS\276x;B\0V\377\25\4\201@\0\203}\10\0\213=\244\200@\0t\12h\324\215@\0V\377\327\353\6S\350\247\371\377\377hX\205@\0S\377\327S\377\25\10\201@\0\213\370\215\205\274\376\377\377PV\3\373\377\25X\201@\0\213\360\203\376\377\17\204\325\0\0\0\200\275\350\376\377\377.u\32\200\275\351\376\377\377.\17\204\242\0\0\0\200\275\351\376\377\377\0\17\204\225\0\0\0\215\205\350\376\377\377PW\377\25\4\201@\0\366\205\274\376\377\377\20t\25\213E\14\203\340\3<\3ut\377u\14S\350\15\377\377\377\353iSh\270\215@\0\350f\370\377\377\213\205\274\376\377\377YY\203\340\376PS\377\25\254\200@\0S\377\25(\201@\0\205\300Su8\366E\14\4t\36h\224\215@\0\3507\370\377\377YYSj\361\350\200\347\377\377j\0S\3500\372\377\377\353\33ht\215@\0\350\31\370\377\377\377\5hdB\0YY\353\7j\362\350[\347\377\377\215\205\274\376\377\377PV\377\25T\201@\0\205\300\17\2052\377\377\377V\377\25P\201@\0\203}\10\0t\4\306G\377\0_3\3669u\374tb9u\10t]S\350(\370\377\377ShT\215@\0\350\303\367\377\377YYS\377\25 \201@\0\205\300Su7\366E\14\4t\35h,\215@\0\350\245\367\377\377YYSj\361\350\356\346\377\377VS\350\237\371\377\377\353\33h\10\215@\0\350\210\367\377\377\377\5hdB\0YY\353\7j\345\350\312\346\377\377^[\311\302\10\0\213D$\4\271\200\0\0\0I\306\4\1\0u\371\203Hx\3773\311A\211H", ) , ) == 0x0 00772 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\215l$\214\201\354\214\0\0\0V\213u|Wj"Y\215}\354\363\245\203}D\377u\103\300@\351\330\11\0\0\213u S\213]0\213E\354\203\370\34\17\207\301\11\0\0\377$\205\4t@\0\203}\10\0\17\204\241\11\0\0\213E\4\377M\10\212\0\377E\4<\341\17\207\235\11\0\0\17\266\300\231j-Y\367\371j\11Y\213\360\17\266\302\231\367\371\213\316\17\266\3723\322B\323\342\213\310\211}8J\211UX3\322B\323\342\215\147\276\0\3\0\0\323\346J\211U\\201\3066\7\0\0\215<6;}\374t#\203}p\0t\11\377up\377\25<\201@\0W\350\2\363\377\377\205\300\211Ep\17\2045\11\0\0\211}\374\205\366t\14\213EpNf\307\4p\0\4u\364\203e,\0\203e4\0\353$\203}\10\0\17\204\217\10\0\0\213E\4\213M,\17\266\0\377M\10\301\341\3\323\340\11E4\377E\4\377E,\203},\4|\326\213E4;E\0t%\203}l\0\211E\0t\11\377ul\377\25<\201@\0\377u4\350\216\362\377\377\205\300\211El\17\204\301\10\0\0\213El\213M\0\306D\10\377\0\307E,\5\0\0\0\353!\203}\10\0\17\204-\10\0\0\213M\4\213Eh\17\266\11\377M\10\301\340\10\13\301\377E\4\211Eh\213E,\377M,\205\300u\325\213E\24#EX\213M<\301\341\4\3\310\211E(\213Ep\2154H\307E\360\6\0\0\0\351`\6\0\03\3229U4uq\17\266E\30\213u\24#u\3\311\261\10*M8\323\350\213M8\323\346\213Mp\3\306\215\4@\301\340\11\203}<\4\215\204\10l\16\0\0\211E\34}\5\211U<\353\20\203}<\12}\6\203m<\3\353\4\203m<\69U@t\34\213E`+EH", ) Y\215}\354\363\245\203}D\377u\103\300@\351\330\11\0\0\213u 
S\213]0\213E\354\203\370\34\17\207\301\11\0\0\377$\205\4t@\0\203}\10\0\17\204\241\11\0\0\213E\4\377M\10\212\0\377E\4<\341\17\207\235\11\0\0\17\266\300\231j-Y\367\371j\11Y\213\360\17\266\302\231\367\371\213\316\17\266\3723\322B\323\342\213\310\211}8J\211UX3\322B\323\342\215\147\276\0\3\0\0\323\346J\211U\\201\3066\7\0\0\215<6;}\374t#\203}p\0t\11\377up\377\25<\201@\0W\350\2\363\377\377\205\300\211Ep\17\2045\11\0\0\211}\374\205\366t\14\213EpNf\307\4p\0\4u\364\203e,\0\203e4\0\353$\203}\10\0\17\204\217\10\0\0\213E\4\213M,\17\266\0\377M\10\301\341\3\323\340\11E4\377E\4\377E,\203},\4|\326\213E4;E\0t%\203}l\0\211E\0t\11\377ul\377\25<\201@\0\377u4\350\216\362\377\377\205\300\211El\17\204\301\10\0\0\213El\213M\0\306D\10\377\0\307E,\5\0\0\0\353!\203}\10\0\17\204-\10\0\0\213M\4\213Eh\17\266\11\377M\10\301\340\10\13\301\377E\4\211Eh\213E,\377M,\205\300u\325\213E\24#EX\213M<\301\341\4\3\310\211E(\213Ep\2154H\307E\360\6\0\0\0\351`\6\0\03\3229U4uq\17\266E\30\213u\24#u\3\311\261\10*M8\323\350\213M8\323\346\213Mp\3\306\215\4@\301\340\11\203}<\4\215\204\10l\16\0\0\211E\34}\5\211U<\353\20\203}<\12}\6\203m<\3\353\4\203m<\69U@t\34\213E`+EH", ) == 0x0 00773 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\4\103\333\210E\31C\353e3\333C\351\316\1\0\0\213Ep\213M<\307E@\1\0\0\0\215\264H\200\1\0\0\307E\360\7\0\0\0\351\310\5\0\0\203}\10\0\17\204P\7\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\213E49E,\17\205\257\0\0\0\201\373\0\1\0\0\17\215\11\1\0\0\17\266E\31\320e\31\213M\34\301\350\7\211E,@\301\340\10\3\303\2154Af\213\6\213Md\17\267\320\301\351\13\17\257\3129Mh\211u s\32\203e4\0\211Md\271\0\10\0\0+\312\301\371\5\3\310f\211\16\321\343\353\37)Md)Mh3\311f\213\310f\301\351\5\307E4\1\0\0\0\215\\33\1+\301f\211\6\201}d\0\0\0\1\211]0\17\203o\377\377\377\351E\377\377\377\203}\10\0\17\204\236\6\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\201\373\0\1\0\0}^\213E\34\213Md\215\24\33\2154\2f\213\6\17\267\370\301\351\13\17\257\3179Mh\211u s\26\211Md\271\0\10\0\0+\317\301\371\5\3\310f\211\16\321\343\353\27)Md)Mh3\311f\213\310f\301\351\5\215Z\1+\301f\211\6\201}d\0\0\0\1\211]0s\237\351u\377\377\377\203e@\0\212E0\210E\30\203}\20\0\17\204\33\6\0\0\212E\30\213M\14\213Ul\377E\24\377E\14\377M\20\210\1\213M`\210\4\21\215A\13\322\367u\0\351\214\1\0\0\203}\10\0\17\204\341\5\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\201\373\0\1\0\0}\234\213E\34\213Md\215\24\33\2154\2f\213\6\17\267\370\301\351", ) , ) == 0x0 00774 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\211Md\271\0\10\0\0+\317\301\371\5\3\310f\211\16\321\343\353\27)Md)Mh3\311f\213\310f\301\351\5\215Z\1+\301f\211\6\201}d\0\0\0\1\211]0s\237\351u\377\377\377\203}4\1u\31\213Ep\213M<\215\264H\230\1\0\0\307E\360\10\0\0\0\351\235\3\0\0\213EP\211ET\213EL\211EP\213EH\211EL3\300\203}<\7\307E\364\26\0\0\0\17\235\300H\203\340\375\203\300\12\211E<\213Ep\5d\6\0\0\211E\34\213u\34\307E\360\22\0\0\0\351W\3\0\0\203}4\0u\36\213E<\213Mp\203\300\17\301\340\4\3E(\307E\360\11\0\0\0\2154A\3513\3\0\0\213Ep\213M<\215\264H\260\1\0\0\307E\360\12\0\0\0\351\32\3\0\0\203}4\0\17\205\253\0\0\0\203}\24\0\17\204\5\5\0\03\300\203}<\7\17\235\300\215D\0\11\211E<\203}\20\0\17\204\242\4\0\0\213E`+EH;E\0r\3\3E\0\213Ul\212\14\20\213E`\210\14\20@3\322\367u\0\377E\24\213E\14\377E\14\377M\20\210M\30\210\10\211U`\307E\354\2\0\0\0\351\336\372\377\377\203}4\0u\5\213EL\3533\213Ep\213M<\215\264H\310\1\0\0\307E\360\13\0\0\0\351\210\2\0\0\203}4\0u\5\213EP\353\11\213MP\213ET\211MT\213ML\211MP\213MH\211ML\211EH\213Ep\5h\12\0\0\211E\34\307E\364\25\0\0\0\351\350\376\377\3773\300\203}<\7\17\235\300H\203\340\375\203\300\13\211E<\351\234\1\0\0\213ED\203\370\4|\3j\3X\213Mp\301\340\7\215\204\10`\3\0\0\211E\34\307E4\6\0\0\0\307E\370\31\0\0\0\351\311\2\0\0\203\373", ) , ) == 0x0 00775 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "I\203\310\2\323\340\203\373\16\211EH}\24\213Up+\303\215\204B^\5\0\0\211M4\351\201\0\0\03\333\203\301\374\211M,\3533\211]H\351)\1\0\0\203}\10\0\17\204{\3\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\213EH\377M,\203},\0~'\213Mh\321md\321\343;Md\211]0r\14\213Md)Mh\203\313\1\211]0\201}d\0\0\0\1s\322\353\250\301\343\4\3\303\211EH\213Ep\5D\6\0\0\307E4\4\0\0\03\333\211E\34\307E$\1\0\0\0\211]0\211],\353(\203}\10\0\17\204\1\3\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\377E,\213E49E,}s\213}$\213E\34\213Ud\3\377\2154\7f\213\6\17\267\310\301\352\13\17\257\3219Uh\211u s\27\211Ud\272\0\10\0\0+\321\301\372\5\3\320\321e$f\211\26\353,3\311A)Ud)Uh\213\331\213M,\323\343\213\313\213]0\13\3313\311f\213\310f\301\351\5\211]0+\301Gf\211\6\211}$\201}d\0\0\0\1s\207\351]\377\377\377\1]H\377EH\213EH\205\300\17\204`\2\0\0;E\24\17\207\205\2\0\0\203ED\2\213ED\1E\24\203}\20\0\17\204I\2\0\0\213E`+EH;E\0r\3\3E\0\213Ul\212\14\20\213E`\210\14\20@3\322\367u\0\213E\14\377E\14\377M\20\377MD\203}D\0\210M\30\210\10\211U`\177\274\351{\375\377\377\203}4\0u \213E(\203eD\0\213M\34\301\340\4\215D\1\4\211E\34\307E4\3\0\0\0\351\307\0\0\0\213u\34\203\306\2\307", ) , ) == 0x0 00776 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\213Md\17\267\320\301\351\13\17\257\3129Mhs\30\211Md\271\0\10\0\0+\312\301\371\5\3\310\203e4\0f\211\16\353\33)Md)Mh3\311f\213\310f\301\351\5\307E4\1\0\0\0+\301f\211\6\201}d\0\0\0\1s%\203}\10\0\17\204\203\1\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\213E\360\211E\354\351\257\367\377\377\203}4\0u\34\213E(\213M\34\301\340\4\307ED\10\0\0\0\215\204\1\4\1\0\0\351?\377\377\377\201E\34\4\2\0\0\307ED\20\0\0\0\307E4\10\0\0\0\307E\370\24\0\0\0\213E4\307E$\1\0\0\0\211E,\353(\203}\10\0\17\204\17\1\0\0\213M\4\213Eh\17\266\11\301ed\10\377M\10\301\340\10\13\301\377E\4\211Eh\377M,\203},\0~_\213U$\213E\34\213Md\3\322\2154\2f\213\6\17\267\370\301\351\13\17\257\3179Mh\211u s\27\211Md\271\0\10\0\0+\317\301\371\5\3\310\321e$f\211\16\353\30)Md)Mh3\311f\213\310f\301\351\5+\301Bf\211\6\211U$\201}d\0\0\0\1s\235\351s\377\377\377\213M4\213]$3\300@\323\340+\330\213E\370\211]0\351\6\377\377\377\1]D\213E\364\351\373\376\377\377\307E\354\1\0\0\0\353g\307E\354\3\0\0\0\353^\307E\354\15\0\0\0\353U\307E\354\16\0\0\0\353L\307E\354\17\0\0\0\353C\307E\354\32\0\0\0\353:\307E\354\33\0\0\0\3531\307E\354\14\0\0\0\353(\307E\354\20\0\0\0\353\37\203MD\377\353\31\307E\354\34\0\0\0\353\20\307E\354\5\0\0\0\353\7\307E\354\30\0\0\0\213}|j"Y\215u\354\363", ) Y\215u\354\363", ) == 0x0 00777 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\305t\311\303?j@\0\341j@\0wk@\0Lk@\0\375q@\0Mr@\0\232k@\0>n@\0\243n@\0\340n@\0No@\0ro@\04p@\02l@\0\355l@\0\263m@\0\267p@\0\224n@\0\307q@\0}r@\0os@\0\254o@\0\304o@\0\273r@\0\312r@\0\362o@\0\202m@\0\4o@\0~q@\0\377%\210\202@\0\377%\204\202@\0\377%\200\202@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x0 00778 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\4\233\0\0"\233\0\00\233\0\0@\233\0\0\210\233\0\0v\233\0\0d\233\0\0P\233\0\0\24\233\0\0\0\0\0\0\21\0\0\200t\221\0\0`\221\0\0\212\221\0\0\0\0\0\0\334\232\0\0\314\232\0\0\266\232\0\0\240\232\0\0\224\232\0\0\204\232\0\0\354\232\0\0t\232\0\0\0\0\0\0\370\222\0\0\12\223\0\0\32\223\0\0.\223\0\0>\223\0\0T\223\0\0j\223\0\0\206\223\0\0\240\223\0\0\254\223\0\0\272\223\0\0\310\223\0\0\336\223\0\0\360\223\0\0\376\223\0\0\22\224\0\0&\224\0\02\224\0\0>\224\0\0V\224\0\0l\224\0\0t\224\0\0\204\224\0\0\222\224\0\0\350\222\0\0\266\224\0\0\312\224\0\0\330\224\0\0\354\224\0\0\370\224\0\0\4\225\0\0\26\225\0\0.\225\0\0>\225\0\0V\225\0\0j\225\0\0z\225\0\0\210\225\0\0\226\225\0\0\246\225\0\0\270\225\0\0\314\225\0\0\330\225\0\0\344\225\0\0\364\225\0\0\6\226\0\0\26\226\0\0,\226\0\0B\226\0\0\372\221\0\0\4\222\0\0\326\222\0\0\310\222\0\0\262\222\0\0\224\222\0\0\22\222\0\0x\222\0\0l\222\0\0`\222\0\0N\222\0\0B\222\0\02\222\0\0 \222\0\0\240\224\0\0\0\0\0\0\274\233\0\0\344\233\0\0\372\233\0\0\10\234\0\0\250\233\0\0\314\233\0\0\0\0\0\0\262\227\0\0\304\227\0\0\326\227\0\0\342\227\0\0\362\227\0\0\10\230\0\0\30\230\0\0$\230\0\02\230\0\0D\230\0\0R\230\0\0^\230\0\0p\230\0\0\204\230\0\0\232\230\0\0\254\230\0\0\274\230\0\0\316\230\0\0\340\230\0\0\356\230\0\0\0\231\0\0\24\231\0\0&\231\0\06\231\0\0H\231\0\0X\231\0\0f\231\0\0x\231\0\0\214\231\0\0", ) 
\233\0\00\233\0\0@\233\0\0\210\233\0\0v\233\0\0d\233\0\0P\233\0\0\24\233\0\0\0\0\0\0\21\0\0\200t\221\0\0`\221\0\0\212\221\0\0\0\0\0\0\334\232\0\0\314\232\0\0\266\232\0\0\240\232\0\0\224\232\0\0\204\232\0\0\354\232\0\0t\232\0\0\0\0\0\0\370\222\0\0\12\223\0\0\32\223\0\0.\223\0\0>\223\0\0T\223\0\0j\223\0\0\206\223\0\0\240\223\0\0\254\223\0\0\272\223\0\0\310\223\0\0\336\223\0\0\360\223\0\0\376\223\0\0\22\224\0\0&\224\0\02\224\0\0>\224\0\0V\224\0\0l\224\0\0t\224\0\0\204\224\0\0\222\224\0\0\350\222\0\0\266\224\0\0\312\224\0\0\330\224\0\0\354\224\0\0\370\224\0\0\4\225\0\0\26\225\0\0.\225\0\0>\225\0\0V\225\0\0j\225\0\0z\225\0\0\210\225\0\0\226\225\0\0\246\225\0\0\270\225\0\0\314\225\0\0\330\225\0\0\344\225\0\0\364\225\0\0\6\226\0\0\26\226\0\0,\226\0\0B\226\0\0\372\221\0\0\4\222\0\0\326\222\0\0\310\222\0\0\262\222\0\0\224\222\0\0\22\222\0\0x\222\0\0l\222\0\0`\222\0\0N\222\0\0B\222\0\02\222\0\0 \222\0\0\240\224\0\0\0\0\0\0\274\233\0\0\344\233\0\0\372\233\0\0\10\234\0\0\250\233\0\0\314\233\0\0\0\0\0\0\262\227\0\0\304\227\0\0\326\227\0\0\342\227\0\0\362\227\0\0\10\230\0\0\30\230\0\0$\230\0\02\230\0\0D\230\0\0R\230\0\0^\230\0\0p\230\0\0\204\230\0\0\232\230\0\0\254\230\0\0\274\230\0\0\316\230\0\0\340\230\0\0\356\230\0\0\0\231\0\0\24\231\0\0&\231\0\06\231\0\0H\231\0\0X\231\0\0f\231\0\0x\231\0\0\214\231\0\0", ) == 0x0 00779 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\0logging set to %d\0\0\0settings logging to %d\0\0File Extraction: failed createprocess on uninstaller ("%s")\0File Extraction: success ("%s")\0" _?=\0\0\0 /x "\0\0\0created uninstaller: %d, "%s"\0\0\0WriteReg: error creating key %d\%s\0\0WriteRegBin: set %d\%s\%s with %d bytes\0WriteRegDWORD: set %d\%s\%s to %d\0\0\0WriteRegStr: set %d\%s\%s to %s\0DeleteRegKey", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\0logging set to %d\0\0\0settings logging to %d\0\0File Extraction: failed createprocess on uninstaller ("%s")\0File Extraction: success ("%s")\0" _?=\0\0\0 /x "\0\0\0created uninstaller: %d, "%s"\0\0\0WriteReg: error creating key %d\%s\0\0WriteRegBin: set %d\%s\%s with %d bytes\0WriteRegDWORD: set %d\%s\%s to %d\0\0\0WriteRegStr: set %d\%s\%s to %s\0DeleteRegKey", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\0logging set to %d\0\0\0settings logging to %d\0\0File Extraction: failed createprocess on uninstaller ("%s")\0File Extraction: success ("%s")\0" _?=\0\0\0 /x "\0\0\0created uninstaller: %d, "%s"\0\0\0WriteReg: error creating key %d\%s\0\0WriteRegBin: set %d\%s\%s with %d bytes\0WriteRegDWORD: set %d\%s\%s to %d\0\0\0WriteRegStr: set %d\%s\%s to %s\0DeleteRegKey", ) _?=\0\0\0 /x (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\0logging set to %d\0\0\0settings logging to %d\0\0File Extraction: failed createprocess on uninstaller ("%s")\0File Extraction: success ("%s")\0" _?=\0\0\0 /x "\0\0\0created uninstaller: %d, "%s"\0\0\0WriteReg: error creating key %d\%s\0\0WriteRegBin: set %d\%s\%s with %d bytes\0WriteRegDWORD: set %d\%s\%s to %d\0\0\0WriteRegStr: set %d\%s\%s to %s\0DeleteRegKey", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\0logging set to %d\0\0\0settings logging to %d\0\0File Extraction: failed createprocess on uninstaller ("%s")\0File Extraction: success ("%s")\0" _?=\0\0\0 /x "\0\0\0created uninstaller: %d, "%s"\0\0\0WriteReg: error creating key %d\%s\0\0WriteRegBin: set %d\%s\%s with %d bytes\0WriteRegDWORD: set %d\%s\%s to %d\0\0\0WriteRegStr: set %d\%s\%s to %s\0DeleteRegKey", ) , ) == 0x0 00780 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "teRegValue: %d\%s\%s\0\0\0\0WriteINIStr: wrote [%s] %s=%s in %s\0\0\0\0\0CopyFiles "%s"->"%s"\0\0\0\0\0\0\0\0CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d\0\0\0Error registering DLL: Could not initialize OLE\0Error registering DLL: Could not load '%s' -> '%s'\0\0Error registering DLL: %s not found in %s\0\0\0RegDLL: Could not load '%s' -> '%s'\0\\0\0\0Exec: failed createprocess ("%s")\0\0\0Exec: success ("%s")\0\0\0\0Exec: command="%s"\0\0ExecShell: success ("%s": file:"%s" params:"%s")\0\0\0\0ExecShell: warning: ", ) , ) == 0x0 00781 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, " file:"%s" params:"%s")=%d\0\0%s %s\0\0\0HideWindow\0\0Pop: stack empty\0\0\0\0Exch: stack < %d elements\0\0\0RMDir: "%s"\0MessageBox: %d,"%s"\0Delete: "%s"\0\0\0\0%s\0\0File: wrote %d to "%s"\0\0File: error, user cancel\0\0\0\0File: skipped: "%s" (overwriteflag=%d)\0\0File: error, user abort\0File: error, user retry\0File: error creating "%s"\0\0\0File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"\0\0\0\0Rename failed: %s\0\0\0Rename on reboot: %s\0\0\0\0Rename: %s\0\0->\0\0IfFileExists: file "%s" does not exist, jumping %d\0\0IfFileExists", ) , ) == 0x0 00782 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "exists, jumping %d\0\0CreateDirectory: "%s" (%d)\0\0SetFileAttributes failed.\0\0\0SetFileAttributes: "%s":%08X\0\0\0\0BringToFront\0\0\0\0Sleep(%d)\0\0\0detailprint: %s\0Call: %d\0\0\0\0Aborting: "%s"\0\0Jump: %d\0\0\0\0... %d%%\0\0\0\0unpacking data: %d%%\0\0\0\0\0\0\0\0The installer you are trying to use is corrupted or incomplete.\12This could be the result of a damaged disk, a failed download or a virus.\12\12You may want to contact the author of this installer to obtain a new copy.\12\12It may be possible to skip this check using the /NCRC", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "exists, jumping %d\0\0CreateDirectory: "%s" (%d)\0\0SetFileAttributes failed.\0\0\0SetFileAttributes: "%s":%08X\0\0\0\0BringToFront\0\0\0\0Sleep(%d)\0\0\0detailprint: %s\0Call: %d\0\0\0\0Aborting: "%s"\0\0Jump: %d\0\0\0\0... %d%%\0\0\0\0unpacking data: %d%%\0\0\0\0\0\0\0\0The installer you are trying to use is corrupted or incomplete.\12This could be the result of a damaged disk, a failed download or a virus.\12\12You may want to contact the author of this installer to obtain a new copy.\12\12It may be possible to skip this check using the /NCRC", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "exists, jumping %d\0\0CreateDirectory: "%s" (%d)\0\0SetFileAttributes failed.\0\0\0SetFileAttributes: "%s":%08X\0\0\0\0BringToFront\0\0\0\0Sleep(%d)\0\0\0detailprint: %s\0Call: %d\0\0\0\0Aborting: "%s"\0\0Jump: %d\0\0\0\0... %d%%\0\0\0\0unpacking data: %d%%\0\0\0\0\0\0\0\0The installer you are trying to use is corrupted or incomplete.\12This could be the result of a damaged disk, a failed download or a virus.\12\12You may want to contact the author of this installer to obtain a new copy.\12\12It may be possible to skip this check using the /NCRC", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "exists, jumping %d\0\0CreateDirectory: "%s" (%d)\0\0SetFileAttributes failed.\0\0\0SetFileAttributes: "%s":%08X\0\0\0\0BringToFront\0\0\0\0Sleep(%d)\0\0\0detailprint: %s\0Call: %d\0\0\0\0Aborting: "%s"\0\0Jump: %d\0\0\0\0... %d%%\0\0\0\0unpacking data: %d%%\0\0\0\0\0\0\0\0The installer you are trying to use is corrupted or incomplete.\12This could be the result of a damaged disk, a failed download or a virus.\12\12You may want to contact the author of this installer to obtain a new copy.\12\12It may be possible to skip this check using the /NCRC", ) , ) == 0x0 00783 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "e switch\12(NOT RECOMMENDED).\0\0\0\0\0Error writing temporary file. Make sure your temp folder is valid.\0\0verifying installer: %d%%\0\0\0Error launching installer\0\0\0SeShutdownPrivilege\0AdjustTokenPrivileges\0\0\0LookupPrivilegeValueA\0\0\0OpenProcessToken\0\0\0\0ADVAPI32.dll\0\0\0\0 _?=\0\0\0\0" \0\0Out of Memory\0\0\0Extraction pathname not properly delimited.\12\12Try using quotes or a shorter path.\0\0\0\0C:\NSIS_ExtractFiles\\0\0\0\Temp\0\0\0NSIS Error\0\0install.log\0open\0\0\0\0%u.%u%s%s\0\0\0GetDiskFreeSpaceExA\0KERNEL32.dll\0\0\0\0Section: "%s"\0\0\0", ) \0\0Out of Memory\0\0\0Extraction pathname not properly delimited.\12\12Try using quotes or a shorter path.\0\0\0\0C:\NSIS_ExtractFiles\\0\0\0\Temp\0\0\0NSIS Error\0\0install.log\0open\0\0\0\0%u.%u%s%s\0\0\0GetDiskFreeSpaceExA\0KERNEL32.dll\0\0\0\0Section: (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "e switch\12(NOT RECOMMENDED).\0\0\0\0\0Error writing temporary file. 
Make sure your temp folder is valid.\0\0verifying installer: %d%%\0\0\0Error launching installer\0\0\0SeShutdownPrivilege\0AdjustTokenPrivileges\0\0\0LookupPrivilegeValueA\0\0\0OpenProcessToken\0\0\0\0ADVAPI32.dll\0\0\0\0 _?=\0\0\0\0" \0\0Out of Memory\0\0\0Extraction pathname not properly delimited.\12\12Try using quotes or a shorter path.\0\0\0\0C:\NSIS_ExtractFiles\\0\0\0\Temp\0\0\0NSIS Error\0\0install.log\0open\0\0\0\0%u.%u%s%s\0\0\0GetDiskFreeSpaceExA\0KERNEL32.dll\0\0\0\0Section: "%s"\0\0\0", ) \0\0\0", ) == 0x0 00784 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) %s (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) :\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed( (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0RMDir: RemoveDirectory on Reboot( (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0\0RMDir: RemoveDirectory( (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0\0\0\0Delete: DeleteFile failed( (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0Delete: DeleteFile on Reboot( (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0\0Delete: DeleteFile( (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "tion: "%s"\0\0New install of "%s" to "%s"\0.exe\0\0\0\0%d\0\0*?|<>/":\0\0\0\0\15\12\0\0\12[\0\0[Rename]\15\12\0\0\wininit.ini\0\0\0\0%s=%s\15\12\0NUL\0MoveFileExA\0C:\Program Files\0\0\0\0ProgramFilesDir\0Software\Microsoft\Windows\CurrentVersion\0\0\0CommonFilesDir\0\0\Microsoft\Internet Explorer\Quick Launch\0\0\0RMDir: RemoveDirectory failed("%s")\0RMDir: RemoveDirectory on Reboot("%s")\0\0RMDir: RemoveDirectory("%s")\0\0\0\0Delete: DeleteFile failed("%s")\0Delete: DeleteFile on Reboot("%s")\0\0Delete: DeleteFile("%s")\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) )\0\0\0\0\*.*\0\0\0\0\356\24\2\0\0\0\0\0\300\0\0\0\0\0\0F\1\24\2\0\0\0\0\0", ) == 0x0 00785 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\0\0\0\300\0\0\0\0\0\0F\350\216\0\0\0\0\0\0\0\0\0\0\236\221\0\0(\200\0\0@\221\0\0\0\0\0\0\0\0\0\0\356\221\0\0\200\202\0\0 \217\0\0\0\0\0\0\0\0\0\0V\226\0\0`\200\0\0@\220\0\0\0\0\0\0\0\0\0\0h\232\0\0\200\201\0\0\374\216\0\0\0\0\0\0\0\0\0\0\372\232\0\0<\200\0\0\300\216\0\0\0\0\0\0\0\0\0\0\232\233\0\0\0\200\0\0$\220\0\0\0\0\0\0\0\0\0\0&\234\0\0d\201\0\0P\221\0\0\0\0\0\0\0\0\0\0h\234\0\0\220\202\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\233\0\0"\233\0\00\233\0\0@\233\0\0\210\233\0\0v\233\0\0d\233\0\0P\233\0\0\24\233\0\0\0\0\0\0\21\0\0\200t\221\0\0`\221\0\0\212\221\0\0\0\0\0\0\334\232\0\0\314\232\0\0\266\232\0\0\240\232\0\0\224\232\0\0\204\232\0\0\354\232\0\0t\232\0\0\0\0\0\0\370\222\0\0\12\223\0\0\32\223\0\0.\223\0\0>\223\0\0T\223\0\0j\223\0\0\206\223\0\0\240\223\0\0\254\223\0\0\272\223\0\0\310\223\0\0\336\223\0\0\360\223\0\0\376\223\0\0\22\224\0\0&\224\0\02\224\0\0>\224\0\0V\224\0\0l\224\0\0t\224\0\0\204\224\0\0\222\224\0\0\350\222\0\0\266\224\0\0\312\224\0\0\330\224\0\0\354\224\0\0\370\224\0\0\4\225\0\0\26\225\0\0.\225\0\0>\225\0\0V\225\0\0j\225\0\0z\225\0\0\210\225\0\0\226\225\0\0\246\225\0\0\270\225\0\0\314\225\0\0\330\225\0\0\344\225\0\0\364\225\0\0\6\226\0\0\26\226\0\0,\226\0\0B\226\0\0\372\221\0\0\4\222\0\0\326\222\0\0\310\222\0\0", ) 
\233\0\00\233\0\0@\233\0\0\210\233\0\0v\233\0\0d\233\0\0P\233\0\0\24\233\0\0\0\0\0\0\21\0\0\200t\221\0\0`\221\0\0\212\221\0\0\0\0\0\0\334\232\0\0\314\232\0\0\266\232\0\0\240\232\0\0\224\232\0\0\204\232\0\0\354\232\0\0t\232\0\0\0\0\0\0\370\222\0\0\12\223\0\0\32\223\0\0.\223\0\0>\223\0\0T\223\0\0j\223\0\0\206\223\0\0\240\223\0\0\254\223\0\0\272\223\0\0\310\223\0\0\336\223\0\0\360\223\0\0\376\223\0\0\22\224\0\0&\224\0\02\224\0\0>\224\0\0V\224\0\0l\224\0\0t\224\0\0\204\224\0\0\222\224\0\0\350\222\0\0\266\224\0\0\312\224\0\0\330\224\0\0\354\224\0\0\370\224\0\0\4\225\0\0\26\225\0\0.\225\0\0>\225\0\0V\225\0\0j\225\0\0z\225\0\0\210\225\0\0\226\225\0\0\246\225\0\0\270\225\0\0\314\225\0\0\330\225\0\0\344\225\0\0\364\225\0\0\6\226\0\0\26\226\0\0,\226\0\0B\226\0\0\372\221\0\0\4\222\0\0\326\222\0\0\310\222\0\0", ) == 0x0 00786 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "x\222\0\0l\222\0\0`\222\0\0N\222\0\0B\222\0\02\222\0\0 
\222\0\0\240\224\0\0\0\0\0\0\274\233\0\0\344\233\0\0\372\233\0\0\10\234\0\0\250\233\0\0\314\233\0\0\0\0\0\0\262\227\0\0\304\227\0\0\326\227\0\0\342\227\0\0\362\227\0\0\10\230\0\0\30\230\0\0$\230\0\02\230\0\0D\230\0\0R\230\0\0^\230\0\0p\230\0\0\204\230\0\0\232\230\0\0\254\230\0\0\274\230\0\0\316\230\0\0\340\230\0\0\356\230\0\0\0\231\0\0\24\231\0\0&\231\0\06\231\0\0H\231\0\0X\231\0\0f\231\0\0x\231\0\0\214\231\0\0\230\231\0\0\250\231\0\0\272\231\0\0\312\231\0\0\334\231\0\0\354\231\0\0\376\231\0\0\26\232\0\0(\232\0\0:\232\0\0L\232\0\0Z\232\0\0\234\227\0\0\216\227\0\0\202\227\0\0v\227\0\0`\227\0\0P\227\0\0D\227\0\06\227\0\0$\227\0\0\26\227\0\0\16\227\0\0\376\226\0\0\356\226\0\0\332\226\0\0\310\226\0\0\246\226\0\0\230\226\0\0\210\226\0\0|\226\0\0p\226\0\0d\226\0\0\270\226\0\0\0\0\0\0\324\221\0\0\276\221\0\0\254\221\0\0\0\0\0\0F\234\0\0X\234\0\02\234\0\0\0\0\0\08\0ImageList_Destroy\04\0ImageList_AddMasked\07\0ImageList_Create\0\0COMCTL32.dll\0\0\12\0VerQueryValueA\0\0\0\0GetFileVersionInfoA\0\1\0GetFileVersionInfoSizeA\0VERSIO", ) , ) == 0x0 00787 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "iv\0\0|\0DeleteFileA\0\365\1GlobalFree\0\0\311\0FindFirstFileA\0\0\323\0FindNextFileA\0\305\0FindClose\0\16\3SetFilePointer\0\0\251\2ReadFile\0\0\224\3WriteFile\0\224\1GetPrivateProfileStringA\0\0\231\3WritePrivateProfileStringA\0\0k\2MultiByteToWideChar\0\357\0FreeLibrary\0\230\1GetProcAddress\0\0H\2LoadLibraryA\0\0\352\0FormatMessageA\0\0i\1GetLastError\0\0w\1GetModuleHandleA\0\0\10\3SetErrorMode\0\0R\1GetExitCodeProcess\0\0\203\3WaitForSingleObject\0\262\0ExpandEnvironmentStringsA\0P\1GetEnvironmentVariableA\0\263\3lstrcmpiA\0.\0CloseHandle\0\22\3SetFileTime\0V\1GetFileAttributesA\0\03\0CompareFileTime\0\316\2Se", ) , ) == 0x0 00788 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "GetShortPathNameA\0a\1GetFullPathNameA\0\0d\2MoveFileA\0\255\3lstrcatA\0\0\375\2SetCurrentDirectoryA\0\0\14\3SetFileAttributesA\0\0G\3Sleep\0\325\1GetTickCount\0\0M\0CreateFileA\0[\1GetFileSize\0u\1GetModuleFileNameA\0\0E\0CreateDirectoryA\0\0\257\0ExitProcess\0:\1GetCurrentProcess\0=\0CopyFileA\0\271\3lstrcpynA\0\10\1GetCommandLineA\0\351\1GetWindowsDirectoryA\0\0\313\1GetTempPathA\0\0\332\1GetUserDefaultLangID\0\0E\1GetDiskFreeSpaceA\0\0\2GlobalUnlock\0\0\371\1GlobalLock\0\0\356\1GlobalAlloc\0i\0CreateThread\0\0`\0CreateProcessA\0\0\311\1GetTempFileNameA\0\0\266\3lstrcpyA\0\0\274\3lstrlenA\0\0\3\3SetEndOfFile\0\0", ) , ) == 0x0 00789 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "fFile\0^\2MapViewOfFile\0N\0CreateFileMappingA\0\0\271\1GetSystemDirectoryA\0\270\2RemoveDirectoryA\0\0KERNEL32.dll\0\0\310\0EndPaint\0\0\274\0DrawTextA\0\342\0FillRect\0\0\377\0GetClientRect\0\15\0BeginPaint\0\0\216\0DefWindowProcA\0\0;\2SendMessageA\0\0\223\1InvalidateRect\0\0\241\0DispatchMessageA\0\0\377\1PeekMessageA\0\0\304\0EnableWindow\0\0\14\1GetDC\0\277\1LoadImageA\0\0\200\2SetWindowLongA\0\0\21\1GetDlgItem\0\0\255\1IsWindow\0\0\344\0FindWindowExA\0>\2SendMessageTimeoutA\0\326\2wsprintfA\0-\0CharPrevA\0\222\2ShowWindow\0\0W\2SetForegroundWindow\0\3\2PostQuitMessage\0\206\2SetWindowTextA\0\0z\2SetTimer\0\0\231\0DestroyWindow\0U\0", ) , ) == 0x0 00790 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "ParamA\0\0\341\0ExitWindowsEx\0*\0CharNextA\0Z\1GetSysColor\0n\1GetWindowLongA\0\0\271\1LoadCursorA\0M\2SetCursor\08\0CheckDlgButton\0\0\362\0GetAsyncKeyState\0\0\243\1IsDlgButtonChecked\0\01\2ScreenToClient\0\0<\1GetMessagePos\0\33\0CallWindowProcA\0\261\1IsWindowVisible\0\267\1LoadBitmapA\0B\0CloseClipboard\0\0J\2SetClipboardData\0\0\301\0EmptyClipboard\0\0\365\1OpenClipboard\0\244\2TrackPopupMenu\0\0t\1GetWindowRect\0\10\0AppendMenuA\0^\0CreatePopupMenu\0]\1GetSystemMetrics\0\0\306\0EndDialog\0G\2SetClassLongA\0\256\1IsWindowEnabled\0\203\2SetWindowPos\0\0\236\0DialogBoxParamA\0\366\0GetClassInfoA\0`\0Create", ) , ) == 0x0 00791 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "SystemParametersInfoA\0\26\2RegisterClassA\0\0S\2SetDlgItemTextA\0\23\1GetDlgItemTextA\0\336\1MessageBoxA\0\330\2wvsprintfA\0\0USER32.dll\0\0\16\2SelectObject\0\0<\2SetTextColor\0\0\26\2SetBkMode\0:\0CreateFontIndirectA\0)\0CreateBrushIndirect\0\217\0DeleteObject\0\0k\1GetDeviceCaps\0\25\2SetBkColor\0\0GDI32.dll\0\320\1RegDeleteKeyA\0\311\1RegCloseKey\0\325\1RegEnumKeyA\0\342\1RegOpenKeyExA\0\331\1RegEnumValueA\0\354\1RegQueryValueExA\0\0\371\1RegSetValueExA\0\0\315\1RegCreateKeyExA\0\322\1RegDeleteValueA\0ADVAPI32.dll\0\0\232\0SHFileOperationA\0\0\6\1ShellExecuteA\0\273\0SHGetPathFromIDListA\0\0y\0SHBrowseForFol", ) , ) == 0x0 00792 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "tMalloc\0\302\0SHGetSpecialFolderLocation\0\0SHELL32.dll\0\20\0CoCreateInstance\0\0\4\1OleUninitialize\0\355\0OleInitialize\0ole32.dll\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x0 00793 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "`dB\0\347\23@\0\6\0\0\0\377\377\377\377\377\377\377\377A~NSISu_.exe\0\0\0\0\377\377\377\377\214B@\0\224J@\0, ) , ) == 0x0 00794 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\3\0\0\00\0\0\200\5\0\0\0H\0\0\200\16\0\0\0`\0\0\200\20\0\0\0x\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\0\0\0\220\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0o\0\0\0\250\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0g\0\0\0\300\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\1\0\0\0\330\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\11\4\0\0\360\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\11\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\11\4\0\0\20\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\11\4\0\0 \1\0\00\361\2\0\350\2\0\0\0\0\0\0\0\0\0\0\30\364\2\0`\0\0\0\0\0\0\0\0\0\0\0x\364\2\0\24\0\0\0\0\0\0\0\0\0\0\0\220\364\2\00\3\0\0\0\0\0\0\0\0\0\0(\0\0\0 \0\0\0@\0\0\0\1\0\4\0\0\0\0\0\200\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\200\0\0\200\0\0\0\200\200\0\0\0\0\200\0\0\200\200\0\200\0\200\0\200\200\200\0\300\300\300\0\0\377\0\0\377\0\0\0\377\377\0\0\0\0\377\0\0\377\377\0\377\0\377\0\377\377\377\0\0\0\0\0\0\0\0\7w\0\0\0\0\0\0\0\0\0\0\0\0\0\7x\215\335\220\0\0\0\0\0\0x\370\360\0\0\177\217\210\335\231\220\0\0\0\0\0\177\217\200p\7\207\370\375\331\231\210\0\0\0\0\0x\370\360\207\7x\177\210\331\230\210\0\0\0\0\0\177\217\200xw\207\207\370\331\210\213", ) , ) == 0x0 00795 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "p\11\213\273\260\0\0\0\0\177\217\200xw\207\207\0\0\273\270\200\0\0\0\0x\370\360\207x\210\273\0\0xxp\0\0\0\0\177\217\200xx\273\211\260\7\207\207\200\0\0\0\0\177\377\360\207{\270\233\275\377xxp\0\0\0\0\177\377\360xw\211\273\275\370\367\207\0\0\0\0\0\177\377\360\207\207\233\273\335\217\217x\10\210\210\0\0\177\377\360\210\210{\275\335\210\370\360\0\0\210p\0\177\377\360\210\210\7}\335\210\200\7ww\210p\0\177\377\360\210\210\17\367ww\177\377\377\377\377p\0wwp\210\210\7wwwwwwwxp\0wwp\210\210\0\0\0\0\0\0\0\0\0\200\7\377\377\367\10\210\7\210\210\210\210\210\210\210\207\0wwwwp\210\7\377\377\377\377\377\377\377\207\0\0\0\7ww\10\7\360\0\0\0\0\0\17\207\0\0\0\0wwp\7\360\0\0\0\0\0\17\207\0\0\0\0\7\377\377\7\360\0\0\360\17\0\17\207\0\0\0\0\0wwp\360\0\0\360\17\0\17\207\0\0\0\0\0\0\0\7\360\0\0\377\377\360\17\207\0\0\0\0\0\0\0\7\360\0\0\377\377\360\17\207\0\0\0\0\0\0\0\7\360\17\377\360\0\0\17\207\0\0\0\0\0\0\0\7\360\0\377\0\0\0\17\207\0\0\0\0\0\0\0\7\360\0\0\0\0\0\17\207\0\0\0\0\0\0\0\7\360\0\0\0\0\0\17\207\0\0\0\0\0\0\0\7\377\377\377\377\377\377\377\207\0\0\0\0\0\0\0\0wwwwwwww\0\377\376\7\377\300\370\1\377\300p\0\377\300 \0\177\300\0\0\177\300\0\0?\300\0\0?\300\0`?\300\0`?\300\0\0?\300\0\0?\300\0\0\3\300\0\0\1\300\0\0\0\300\0\0\0\300\0\0\0\300\0\0\0\300\0\0\0\200\0\0\1\0\0\0\1\370\0\0\1\374\0\0\1\376\0\0\1", ) , ) == 0x0 00796 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, "\377\370\0\1\377\370\0\1\377\370\0\1\377\370\0\1\377\370\0\1\377\374\0\3\1\0\377\377\0\0\0\0\0\0\0\0\310\10\0\200\1\0\0\0\0\0\242\0\26\0\0\0\0\0\0\0\10\0\0\0\0\1M\0S\0 \0S\0h\0e\0l\0l\0 \0D\0l\0g\0\0\0\0\0\0\0\0\0\0\0\1\0\2P\7\0\7\0\224\0\10\0\6\4\0\0\377\377\202\0\0\0\0\0\0\0\1\0\1\0 \20\0\1\0\4\0\350\2\0\0\1\0\0\0\0\00\34\0\0\0V\0S\0_\0V\0E\0R\0S\0I\0O\0N\0_\0I\0N\0F\0O\0\0\0\0\0\275\4\357\376\0\0\0\0\1\0\6\0\2\0)\0\1\0\6\0\2\0)\0\0\0\0\0\0\0\0\0\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\216\2\0\0\0\0S\0t\0r\0i\0n\0g\0F\0i\0l\0e\0I\0n\0f\0o\0\0\0j\2\0\0\0\00\04\00\09\00\04\0e\04\0\0\02\0\11\0\1\0C\0o\0m\0p\0a\0n\0y\0N\0a\0m\0e\0\0\0\0\0A\0O\0L\0 \0L\0L\0C\0.\0\0\0\0\0h\0 \0\1\0F\0i\0l\0e\0D\0e\0s\0c\0r\0i\0p\0t\0i\0o\0n\0\0\0\0\0A\0O\0L\0 \0D\0o\0w\0n\0l\0o\0a\0d\0 \0U\0t\0i\0l\0i\0t\0y\0 \06\0.\01\0.\04\01\0.\02\0.\01\0\0\06\0\13\0\1\0F\0i\0l\0e\0V\0e\0r\0s\0i\0o\0n\0\0\0\0\06\0.\01\0.\04\01\0.\02\0", ) , ) == 0x0 00797 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\1\0L\0e\0g\0a\0l\0C\0o\0p\0y\0r\0i\0g\0h\0t\0\0\0C\0o\0p\0y\0r\0i\0g\0h\0t\0 \0\251\0 \02\00\00\04\0-\02\00\00\06\0 \0-\0 \0A\0O\0L\0 \0L\0L\0C\0.\0 \0A\0l\0l\0 \0R\0i\0g\0h\0t\0s\0 \0R\0e\0s\0e\0r\0v\0e\0d\0.\0\0\0f\0\37\0\1\0L\0e\0g\0a\0l\0T\0r\0a\0d\0e\0m\0a\0r\0k\0s\0\0\0\0\0A\0O\0L\0 \0i\0s\0 \0a\0 \0t\0r\0a\0d\0e\0m\0a\0r\0k\0 \0o\0f\0 \0A\0O\0L\0 \0L\0L\0C\0.\0\0\0\0\0J\0\25\0\1\0P\0r\0o\0d\0u\0c\0t\0N\0a\0m\0e\0\0\0\0\0A\0O\0L\0 \0D\0o\0w\0n\0l\0o\0a\0d\0 \0U\0t\0i\0l\0i\0t\0y\0\0\0\0\0:\0\13\0\1\0P\0r\0o\0d\0u\0c\0t\0V\0e\0r\0s\0i\0o\0n\0\0\06\0.\01\0.\04\01\0.\02\0.\01\0\0\0\0\0D\0\0\0\0\0V\0a\0r\0F\0i\0l\0e\0I\0n\0f\0o\0\0\0\0\0$\0\4\0\0\0T\0r\0a\0n\0s\0l\0a\0t\0i\0o\0n\0\0\0\0\0\11\4\344\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x0 00798 480 NtReadFile (76, 0, 0, 0, 512, 0x0, 0, ... 
{status=0x0, info=512}, (76, 0, 0, 0, 512, 0x0, 0, ... {status=0x0, info=512}, "\2\0\0\0\357\276\255\336NullsoftInst\312\14\0\0d\16\4\0]\0\0\0\1\0e\2\374\27\303\202a\241F\34\37kT\246\320\240\200\235\346\353\310>\374\257.\254\203\261w\260Z;!k\2471\11\354\225O\311\246\305\21\37\217\301\36H\222\32\214wK\230\211\4E\237M\32\37\337{\251~\377#\3161ER\\307eh\363\302I\26*\273\353\179\347\304\342\215\324x\377\227_\236\255}\217\376\301j\340'&\305_{N\272\14\31\1\335\33\352sq\266\347a\206\302R\346\257\344\347\3558\324P\377\363\360*A\230Bp\235\222k)\335\221Yw\220\215\244\276$\323\316\316\22/\202\17\236\25\256\215\34\160\272\304\354\241*\31h\202\224\265\261d\310\300\212\200\274\351q\304\335\254\213\13\200\362\326L\3210c\243H\345{\246\203\311\344\347\362\21<\265\335u\372\20\0T\230\370\307\344\362\1\25\326\323\250\13\203\337Q\171\31kMC`\267\246!\207\2019\14~\256\377j\221\366\366\373\251Z\256\326<\264\2312\245\341K\325\254Q\262m\261|\227\276$\241\264t-\242\213y"s\270@\3\361L\\242\244);t\245C\232\364\237v\200!\30h\305\334\353\360\221\232\306\311cY)+\177\207H\W\12\255W%6\21\262\211:H\240\10=\352\224wB}\310\15\276`\345\357\271\210\245\331\11Fm]uQ\252\312\25\37\262\267HB\223\13\306\301\302\321\361G\6\24\320\321%\31N+\312##:i\312\277yZ\240\272Y\363t\262\314.e\263\0L'\210:8P!c\321\201\305\376\330\365:\244\305z\331J\56\262B\2179\370E[\255?270@\3\361L\\242\244);t\245C\232\364\237v\200!\30h\305\334\353\360\221\232\306\311cY)+\177\207H\W\12\255W%6\21\262\211:H\240\10=\352\224wB}\310\15\276`\345\357\271\210\245\331\11Fm]uQ\252\312\25\37\262\267HB\223\13\306\301\302\321\361G\6\24\320\321%\31N+\312##:i\312\277yZ\240\272Y\363t\262\314.e\263\0L'\210:8P!c\321\201\305\376\330\365:\244\305z\331J\56\262B\2179\370E[\255?251\354\315\20ET\301\253\215\217\27\36\313\216\360\265\271\356.X\313\246Fs}O\270\260\267C\342fL", ) == 0x0 00799 480 NtClose (76, ... ) == 0x0 00800 480 NtUserDestroyWindow (131262, ... 00801 480 NtUserRemoveProp (131262, 43288, ... 
) == 0xffffffff 00802 480 NtUserRemoveProp (131262, 43282, ... ) == 0x0 00803 480 NtUserRemoveProp (131262, 43287, ... ) == 0x0 00800 480 NtUserDestroyWindow ... ) == 0x1 00804 480 NtUserUnregisterClass (1244984, 1998258176, 1244972, ... ) == 0x1 00805 480 NtUserModifyUserStartupInfoFlags (1, 0, ... ) == 0x81269658 00806 480 NtUserGetDCEx (0, 0, 3, ... ) == 0x1010050 00807 480 NtGdiSetupPublicCFONT (16842832, 0, 0, ... ) == 0x100 00808 480 NtGdiGetTextExtent (16842832, 1353088, 10, 1244416, 1, ... ) == 0x1 00809 480 NtUserGetForegroundWindow (... ) == 0x100ac 00810 480 NtUserQueryWindow (65708, 0, ... ) == 0x7f8 00811 480 NtUserQueryWindow (65708, 1, ... ) == 0x7fc 00812 480 NtGdiSetupPublicCFONT (16842832, 0, 0, ... ) == 0x100 00813 480 NtGdiGetTextMetricsW (16842832, 1243336, 68, ... ) == 0x1 00814 480 NtGdiGetTextCharsetInfo (16842832, 0, 0, ... ) == 0x0 00815 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x6040483 00816 480 NtGdiGetRandomRgn (16842832, 100926595, 1, ... ) == 0x0 00817 480 NtGdiIntersectClipRect (16842832, 0, 0, 565, 738, ... ) == 0x3 00818 480 NtGdiExtSelectClipRgn (16842832, 0, 5, ... ) == 0x2 00819 480 NtGdiSetupPublicCFONT (0, 50987263, 6, ... ) == 0x3 00820 480 NtGdiGetTextCharsetInfo (16842832, 0, 0, ... ) == 0x0 00821 480 NtGdiGetRandomRgn (16842832, 117703811, 1, ... ) == 0x0 00822 480 NtGdiIntersectClipRect (16842832, 0, 0, 355, 738, ... ) == 0x3 00823 480 NtGdiExtSelectClipRgn (16842832, 0, 5, ... ) == 0x2 00824 480 NtUserCallOneParam (16842832, 56, ... ) == 0x1 00825 480 NtUserFindExistingCursorIcon (1243204, 1243220, 1243788, ... ) == 0x10011 00826 480 NtUserSetCursor (65553, ... ) == 0x10015 00827 480 NtUserCallOneParam (1, 49, ... ) == 0x1 00828 480 NtUserFindExistingCursorIcon (1243156, 1243172, 1243740, ... ) == 0x10015 00829 480 NtUserSetCursor (65557, ... ) == 0x10011 00830 480 NtGdiCreateCompatibleDC (0, ... ) == 0x1010484 00831 480 NtGdiExtGetObjectW (50987263, 92, 1243484, ... 
) == 0x5c 00832 480 NtGdiHfontCreate (1242920, 356, 0, 0, 1329784, ... ) == 0x10a0485 00833 480 NtGdiGetTextMetricsW (16843908, 1243424, 68, ... ) == 0x1 00834 480 NtGdiGetWidthTable (16843908, 52, 1334376, 308, 1334992, 1353936, 1353952, ... ) == 0x1 00835 480 NtGdiDeleteObjectApp (16843908, ... ) == 0x1 00836 480 NtUserGetForegroundWindow (... ) == 0x100ac 00837 480 NtUserQueryWindow (65708, 0, ... ) == 0x7f8 00838 480 NtUserQueryWindow (65708, 1, ... ) == 0x7fc 00839 480 NtUserGetAtomName (32770, 1242360, ... ) == 0x6 00840 480 NtUserCreateWindowEx (65793, 32770, 32770, (65793, 32770, 32770, "NSIS Error", -2134375995, 300, 306, 431, 185, 0, 0, 2010382336, 0, 1073742848, 0, ... , -2134375995, 300, 306, 431, 185, 0, 0, 2010382336, 0, 1073742848, 0, ... 00841 480 NtUserSetWindowFNID (196798, 676, ... ) == 0x1 00842 480 NtUserCallHwndParam (196798, 1352972, 78, ... ) == 0x14a50c 00843 480 NtUserMessageCall (0x300be, WM_NCCREATE, 0x0, 0x12f4a4, 0, 670, 0, ... ) == 0x1 00844 480 NtUserMessageCall (0x300be, WM_NCCALCSIZE, 0x0, 0x12f4cc, 0, 670, 0, ... ) == 0x0 00845 480 NtUserGetClassName (196798, 0, 1241484, ... ) == 0x6 00846 480 NtUserRemoveProp (196798, 43282, ... ) == 0x0 00847 480 NtRequestWaitReplyPort (24, {24, 52, new_msg, 0, 76, 0, 0, 0} (24, {24, 52, new_msg, 0, 76, 0, 0, 0} "\0\0\0\0\5\4\3\0`Z\374w\24\0\0\0\340\1\0\0\0\0\0\0" ... {24, 52, reply, 0, 432, 480, 1594, 0} "\0\0\0\0\5\4\3\0\0\0\0\0\24\0\0\0\340\1\0\0\0\0\0\0" ) ... {24, 52, reply, 0, 432, 480, 1594, 0} (24, {24, 52, new_msg, 0, 76, 0, 0, 0} "\0\0\0\0\5\4\3\0`Z\374w\24\0\0\0\340\1\0\0\0\0\0\0" ... {24, 52, reply, 0, 432, 480, 1594, 0} "\0\0\0\0\5\4\3\0\0\0\0\0\24\0\0\0\340\1\0\0\0\0\0\0" ) ) == 0x0 00848 480 NtUserGetThreadDesktop (480, 0, ... ) == 0x28 00849 480 NtUserGetObjectInformation (40, 2, 1241160, 520, 0, ... ) == 0x1 00850 480 NtGdiDeleteObjectApp (101713026, ... ) == 0x1 00851 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00852 480 NtUserCallOneParam (16842836, 56, ... 
) == 0x1 00853 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00854 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00855 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00856 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00857 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00858 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00859 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00860 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00861 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00862 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00863 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00864 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00865 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00866 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00867 480 NtUserGetWindowDC (0, ... ) == 0x1010054 00868 480 NtGdiCreatePatternBrushInternal (59048369, 0, 0, ... ) == 0x7100482 00869 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00870 480 NtAllocateVirtualMemory (-1, 8732672, 0, 4096, 4096, 4, ... 8732672, 4096, ) == 0x0 00871 480 NtUserSetProp (196798, 43288, 8732256, ... ) == 0x1 00840 480 NtUserCreateWindowEx ... ) == 0x300be 00872 480 NtUserCallHwndLock (196798, 89, ... ) == 0x1 00873 480 NtUserGetAtomName (49175, 1242360, ... ) == 0x6 00874 480 NtUserCreateWindowEx (4, 49175, 49175, (4, 49175, 49175, "OK", 1342373889, 174, 119, 75, 23, 196798, 1, 2010382336, 0, 1073742848, 0, ... , 1342373889, 174, 119, 75, 23, 196798, 1, 2010382336, 0, 1073742848, 0, ... 00875 480 NtUserSetWindowFNID (65774, 673, ... ) == 0x1 00876 480 NtUserSetWindowLong (65774, 0, 1354716, 0, ... ) == 0x0 00877 480 NtUserMessageCall (0x100ee, WM_NCCREATE, 0x0, 0x12f4a4, 0, 670, 0, ... ) == 0x1 00878 480 NtUserMessageCall (0x100ee, WM_NCCALCSIZE, 0x0, 0x12f4cc, 0, 670, 0, ... ) == 0x0 00879 480 NtUserSetProp (65774, 43288, -1, ... ) == 0x1 00874 480 NtUserCreateWindowEx ... ) == 0x100ee 00880 480 NtUserGetAtomName (49177, 1242360, ... 
) == 0x6 00881 480 NtUserCreateWindowEx (4, 49177, 49177, "1342308355, 11, 11, 0, 0, 196798, 20, 2010382336, 0, 1073742848, 0, ... 00882 480 NtUserSetWindowFNID (65776, 680, ... ) == 0x1 00883 480 NtUserSetWindowLong (65776, 0, 1354920, 0, ... ) == 0x0 00884 480 NtUserMessageCall (0x100f0, WM_NCCREATE, 0x0, 0x12f4a4, 0, 670, 0, ... ) == 0x1 00885 480 NtUserMessageCall (0x100f0, WM_NCCALCSIZE, 0x0, 0x12f4cc, 0, 670, 0, ... ) == 0x0 00886 480 NtUserSetProp (65776, 43288, -1, ... ) == 0x1 00887 480 NtUserFindExistingCursorIcon (1241148, 1241164, 1241732, ... ) == 0x0 00888 480 NtUserFindExistingCursorIcon (1241148, 1241164, 1241732, ... ) == 0x0 00889 480 NtUserFindExistingCursorIcon (1241148, 1241164, 1241732, ... ) == 0x10009 00890 480 NtUserGetIconSize (65545, 0, 1241752, 1241756, ... ) == 0x1 00891 480 NtUserGetCursorFrameInfo (65545, 0, 1241788, 1241764, ... ) == 0x10009 00892 480 NtUserSetWindowPos (65776, 0, 0, 0, 32, 32, 22, ... 00893 480 NtUserMessageCall (0x100f0, WM_WINDOWPOSCHANGING, 0x0, 0x12f214, 0, 670, 0, ... ) == 0x0 00894 480 NtUserMessageCall (0x100f0, WM_NCCALCSIZE, 0x1, 0x12f1e8, 0, 670, 0, ... ) == 0x0 00892 480 NtUserSetWindowPos ... ) == 0x1 00881 480 NtUserCreateWindowEx ... ) == 0x100f0 00895 480 NtUserGetAtomName (49177, 1242360, ... ) == 0x6 00896 480 NtUserCreateWindowEx (4, 49177, 49177, "The installer you are trying to use is corrupted or incomplete. 00897 480 NtUserSetWindowFNID (65778, 680, ... ) == 0x1 00898 480 NtUserSetWindowLong (65778, 0, 1354896, 0, ... ) == 0x0 00899 480 NtUserMessageCall (0x100f2, WM_NCCREATE, 0x0, 0x12f4a4, 0, 670, 0, ... 00900 480 NtAllocateVirtualMemory (-1, 5623808, 0, 4096, 4096, 32, ... 5623808, 4096, ) == 0x0 00899 480 NtUserMessageCall ... ) == 0x1 00901 480 NtUserMessageCall (0x100f2, WM_NCCALCSIZE, 0x0, 0x12f4cc, 0, 670, 0, ... ) == 0x0 00902 480 NtUserSetProp (65778, 43288, -1, ... ) == 0x1 00896 480 NtUserCreateWindowEx ... ) == 0x100f2 00903 480 NtUserSetWindowLong (196798, -21, 1244860, 0, ... 
) == 0x0 00904 480 NtUserCallHwnd (196798, 72, ... ) == 0xbc64caf8 00905 480 NtAllocateVirtualMemory (-1, 0, 0, 131064, 8192, 4, ... 9371648, 131072, ) == 0x0 00906 480 NtAllocateVirtualMemory (-1, 9371648, 0, 4096, 4096, 4, ... 9371648, 4096, ) == 0x0 00907 480 NtUserSetFocus (65774, ... 00908 480 NtUserMessageCall (0x300be, WM_NCACTIVATE, 0x1, 0xffffffff, 0, 670, 0, ... ) == 0x1 00909 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 00910 480 NtUserGetWindowDC (196798, ... ) == 0x1010052 00911 480 NtGdiGetTextMetricsW (16842834, 1241420, 68, ... ) == 0x1 00912 480 NtGdiGetRandomRgn (16842834, 134481027, 1, ... ) == 0x0 00913 480 NtGdiIntersectClipRect (16842834, 0, 0, 0, 0, ... ) == 0x3 00914 480 NtGdiGetWidthTable (16842834, 10, 1335064, 266, 1335596, 1334432, 1334448, ... ) == 0x1 00915 480 NtGdiExtSelectClipRgn (16842834, 0, 5, ... ) == 0x1 00916 480 NtUserCallOneParam (16842834, 56, ... ) == 0x1 00917 480 NtUserCalcMenuBar (196798, 3, 3, 29, 8732440, ... ) == 0x0 00918 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 1241388, 690, 0, ... 00919 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00918 480 NtUserMessageCall ... ) == 0x0 00920 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 1241388, 690, 0, ... 00921 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00920 480 NtUserMessageCall ... ) == 0x0 00922 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 1241388, 690, 0, ... 00923 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00922 480 NtUserMessageCall ... ) == 0x0 00924 480 NtUserGetTitleBarInfo (196798, 1242016, ... ) == 0x1 00925 480 NtUserGetDCEx (196798, 0, 66561, ... ) == 0x1010051 00926 480 NtGdiExcludeClipRect (16842833, 3, 29, 428, 182, ... ) == 0x3 00927 480 NtGdiDrawStream (16842833, 96, 1241420, ... ) == 0x1 00928 480 NtGdiDrawStream (16842833, 96, 1241420, ... 
) == 0x1 00929 480 NtGdiDrawStream (16842833, 96, 1241420, ... ) == 0x1 00930 480 NtGdiCreateCompatibleBitmap (16842833, 431, 29, ... ) == 0x6050484 00931 480 NtGdiCreateCompatibleDC (16842833, ... ) == 0x1010486 00932 480 NtGdiSelectBitmap (16843910, 100992132, ... ) == 0x185000f 00933 480 NtGdiDrawStream (16843910, 96, 1241312, ... ) == 0x1 00934 480 NtGdiDrawStream (16843910, 96, 1241268, ... ) == 0x1 00935 480 NtGdiDrawStream (16843910, 96, 1241268, ... ) == 0x1 00936 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 00937 480 NtGdiGetRandomRgn (16843910, 151258243, 1, ... ) == 0x0 00938 480 NtGdiIntersectClipRect (16843910, 8, 8, 403, 25, ... ) == 0x3 00939 480 NtGdiExtSelectClipRgn (16843910, 0, 5, ... ) == 0x2 00940 480 NtGdiGetRandomRgn (16843910, 168035459, 1, ... ) == 0x0 00941 480 NtGdiIntersectClipRect (16843910, 7, 7, 402, 25, ... ) == 0x3 00942 480 NtGdiExtSelectClipRgn (16843910, 0, 5, ... ) == 0x2 00943 480 NtGdiBitBlt (16842833, 0, 0, 431, 29, 16843910, 0, 0, 13369376, -1, 0, ... ) == 0x1 00944 480 NtGdiSelectBitmap (16843910, 25493519, ... ) == 0x6050484 00945 480 NtGdiDeleteObjectApp (16843910, ... ) == 0x1 00946 480 NtGdiDeleteObjectApp (100992132, ... ) == 0x1 00947 480 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00907 480 NtUserSetFocus ... ) == 0x0 00948 480 NtUserSetWindowLong (65774, -12, 2, 0, ... ) == 0x1 00949 480 NtUserGetClassName (65774, 0, 1242904, ... ) == 0x6 00950 480 NtUserGetClassName (65776, 0, 1242904, ... ) == 0x6 00951 480 NtUserGetClassName (65778, 0, 1242904, ... ) == 0x6 00952 480 NtUserGetAncestor (196798, 1, ... ) == 0x10014 00953 480 NtUserSetWindowPos (196798, 0, 300, 306, 431, 185, 1047, ... ) == 0x1 00954 480 NtUserMessageCall (0x300be, 0x128, 0x30001, 0x0, 0, 670, 0, ... 00955 480 NtUserMessageCall (0x100ee, 0x128, 0x30001, 0x0, 0, 670, 0, ... ) == 0x0 00956 480 NtUserMessageCall (0x100f0, 0x128, 0x30001, 0x0, 0, 670, 0, ... 
) == 0x0 00957 480 NtUserMessageCall (0x100f2, 0x128, 0x30001, 0x0, 0, 670, 0, ... ) == 0x0 00954 480 NtUserMessageCall ... ) == 0x0 00958 480 NtUserShowWindow (196798, 1, ... 00959 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 00960 480 NtUserGetWindowDC (196798, ... ) == 0x1010051 00961 480 NtGdiGetRandomRgn (16842833, 184812675, 1, ... ) == 0x0 00962 480 NtGdiIntersectClipRect (16842833, 0, 0, 0, 0, ... ) == 0x3 00963 480 NtGdiGetCharSet (16842833, ... ) == 0x4e4 00964 480 NtGdiExtSelectClipRgn (16842833, 0, 5, ... ) == 0x2 00965 480 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00966 480 NtUserCalcMenuBar (196798, 3, 3, 29, 8732440, ... ) == 0x0 00967 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 1242004, 690, 0, ... 00968 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00967 480 NtUserMessageCall ... ) == 0x0 00969 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 1242004, 690, 0, ... 00970 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00969 480 NtUserMessageCall ... ) == 0x0 00971 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 1242004, 690, 0, ... 00972 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00971 480 NtUserMessageCall ... ) == 0x0 00973 480 NtUserGetTitleBarInfo (196798, 1242632, ... ) == 0x1 00974 480 NtUserGetDCEx (196798, 0, 66561, ... ) == 0x1010052 00975 480 NtGdiExcludeClipRect (16842834, 3, 29, 428, 182, ... ) == 0x3 00976 480 NtGdiDrawStream (16842834, 96, 1242036, ... ) == 0x1 00977 480 NtGdiDrawStream (16842834, 96, 1242036, ... ) == 0x1 00978 480 NtGdiDrawStream (16842834, 96, 1242036, ... ) == 0x1 00979 480 NtGdiCreateCompatibleBitmap (16842834, 431, 29, ... ) == 0xa050484 00980 480 NtGdiCreateCompatibleDC (16842834, ... ) == 0x2010487 00981 480 NtGdiSelectBitmap (33621127, 168100996, ... ) == 0x185000f 00982 480 NtGdiDrawStream (33621127, 96, 1241928, ... 
) == 0x1 00983 480 NtGdiDrawStream (33621127, 96, 1241884, ... ) == 0x1 00984 480 NtGdiDrawStream (33621127, 96, 1241884, ... ) == 0x1 00985 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 00986 480 NtGdiGetRandomRgn (33621127, 201589891, 1, ... ) == 0x0 00987 480 NtGdiIntersectClipRect (33621127, 8, 8, 403, 25, ... ) == 0x3 00988 480 NtGdiExtSelectClipRgn (33621127, 0, 5, ... ) == 0x2 00989 480 NtGdiGetRandomRgn (33621127, 218367107, 1, ... ) == 0x0 00990 480 NtGdiIntersectClipRect (33621127, 7, 7, 402, 25, ... ) == 0x3 00991 480 NtGdiExtSelectClipRgn (33621127, 0, 5, ... ) == 0x2 00992 480 NtGdiBitBlt (16842834, 0, 0, 431, 29, 33621127, 0, 0, 13369376, -1, 0, ... ) == 0x1 00993 480 NtGdiSelectBitmap (33621127, 25493519, ... ) == 0xa050484 00994 480 NtGdiDeleteObjectApp (33621127, ... ) == 0x1 00995 480 NtGdiDeleteObjectApp (168100996, ... ) == 0x1 00996 480 NtUserCallOneParam (16842834, 56, ... ) == 0x1 00997 480 NtUserFillWindow (196798, 196798, 16842835, 4, ... 00998 480 NtUserGetAncestor (196798, 1, ... ) == 0x10014 00999 480 NtUserGetAncestor (65556, 1, ... ) == 0x0 00997 480 NtUserFillWindow ... ) == 0x1 01000 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 01001 480 NtUserGetWindowDC (196798, ... ) == 0x1010051 01002 480 NtGdiGetRandomRgn (16842833, 235144323, 1, ... ) == 0x0 01003 480 NtGdiIntersectClipRect (16842833, 0, 0, 0, 0, ... ) == 0x3 01004 480 NtGdiGetCharSet (16842833, ... ) == 0x4e4 01005 480 NtGdiExtSelectClipRgn (16842833, 0, 5, ... ) == 0x2 01006 480 NtUserCallOneParam (16842833, 56, ... ) == 0x1 01007 480 NtUserCalcMenuBar (196798, 3, 3, 29, 8732440, ... ) == 0x0 01008 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 1242288, 690, 0, ... 01009 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 01008 480 NtUserMessageCall ... ) == 0x0 01010 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 1242288, 690, 0, ... 
01011 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 01010 480 NtUserMessageCall ... ) == 0x0 01012 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 1242288, 690, 0, ... 01013 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01012 480 NtUserMessageCall ... ) == 0x0 01014 480 NtUserGetTitleBarInfo (196798, 1242916, ... ) == 0x1 01015 480 NtUserBuildHwndList (0, 196798, 1, 0, 64, ... (0x100ee, 0x100f0, 0x100f2, 0x1, ), 4, ) == 0x0 01016 480 NtUserGetWindowDC (0, ... ) == 0x1010054 01017 480 NtUserCallOneParam (16842836, 56, ... ) == 0x1 01018 480 NtGdiExtCreateRegion (0, 112, 8733936, ... ) == 0xc040484 01019 480 NtGdiOffsetRgn (201589892, 0, 0, ... ) == 0x3 01020 480 NtGdiCombineRgn (251921539, 201589892, 251921539, 5, ... ) == 0x3 01021 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x3040487 01022 480 NtGdiCombineRgn (251921539, 50594951, 251921539, 2, ... ) == 0x3 01023 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x1040488 01024 480 NtGdiCombineRgn (251921539, 17040520, 251921539, 2, ... ) == 0x3 01025 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x1040489 01026 480 NtGdiCombineRgn (251921539, 17040521, 251921539, 2, ... ) == 0x3 01027 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x104048a 01028 480 NtGdiCombineRgn (251921539, 17040522, 251921539, 2, ... ) == 0x3 01029 480 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x104048b 01030 480 NtGdiCombineRgn (17040523, 251921539, 0, 5, ... ) == 0x3 01031 480 NtUserSetWindowRgn (196798, 251921539, 1, ... 01032 480 NtUserMessageCall (0x300be, WM_NCCALCSIZE, 0x1, 0x12f668, 0, 670, 0, ... ) == 0x0 01033 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 01034 480 NtUserGetWindowDC (196798, ... ) == 0x1010051 01035 480 NtGdiGetRandomRgn (16842833, 33817738, 1, ... ) == 0x0 01036 480 NtGdiIntersectClipRect (16842833, 0, 0, 0, 0, ... ) == 0x3 01037 480 NtGdiGetCharSet (16842833, ... 
) == 0x4e4 01038 480 NtGdiExtSelectClipRgn (16842833, 0, 5, ... ) == 0x3 01039 480 NtUserCallOneParam (16842833, 56, ... ) == 0x1 01040 480 NtUserCalcMenuBar (196798, 3, 3, 29, 8732440, ... ) == 0x0 01041 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 1241088, 690, 0, ... 01042 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 01041 480 NtUserMessageCall ... ) == 0x0 01043 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 1241088, 690, 0, ... 01044 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 01043 480 NtUserMessageCall ... ) == 0x0 01045 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 1241088, 690, 0, ... 01046 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01045 480 NtUserMessageCall ... ) == 0x0 01047 480 NtUserGetTitleBarInfo (196798, 1241716, ... ) == 0x1 01048 480 NtUserGetDCEx (196798, 0, 66561, ... ) == 0x1010053 01049 480 NtGdiExcludeClipRect (16842835, 3, 29, 428, 182, ... ) == 0x3 01050 480 NtGdiDrawStream (16842835, 96, 1241120, ... ) == 0x1 01051 480 NtGdiDrawStream (16842835, 96, 1241120, ... ) == 0x1 01052 480 NtGdiDrawStream (16842835, 96, 1241120, ... ) == 0x1 01053 480 NtGdiCreateCompatibleBitmap (16842835, 431, 29, ... ) == 0x405048d 01054 480 NtGdiCreateCompatibleDC (16842835, ... ) == 0x201048e 01055 480 NtGdiSelectBitmap (33621134, 67437709, ... ) == 0x185000f 01056 480 NtGdiDrawStream (33621134, 96, 1241012, ... ) == 0x1 01057 480 NtGdiDrawStream (33621134, 96, 1240968, ... ) == 0x1 01058 480 NtGdiDrawStream (33621134, 96, 1240968, ... ) == 0x1 01059 480 NtUserInternalGetWindowText (0x300be, 260, ... (0x300be, 260, ... "NSIS Error", ) , ) == 0xa 01060 480 NtGdiGetRandomRgn (33621134, 50594954, 1, ... ) == 0x0 01061 480 NtGdiIntersectClipRect (33621134, 8, 8, 403, 25, ... ) == 0x3 01062 480 NtGdiExtSelectClipRgn (33621134, 0, 5, ... ) == 0x2 01063 480 NtGdiGetRandomRgn (33621134, 67372170, 1, ... 
) == 0x0 01064 480 NtGdiIntersectClipRect (33621134, 7, 7, 402, 25, ... ) == 0x3 01065 480 NtGdiExtSelectClipRgn (33621134, 0, 5, ... ) == 0x2 01066 480 NtGdiBitBlt (16842835, 0, 0, 431, 29, 33621134, 0, 0, 13369376, -1, 0, ... ) == 0x1 01067 480 NtGdiSelectBitmap (33621134, 25493519, ... ) == 0x405048d 01068 480 NtGdiDeleteObjectApp (33621134, ... ) == 0x1 01069 480 NtGdiDeleteObjectApp (67437709, ... ) == 0x1 01070 480 NtUserCallOneParam (16842835, 56, ... ) == 0x1 01071 480 NtUserFillWindow (196798, 196798, 16842834, 4, ... 01072 480 NtUserGetAncestor (196798, 1, ... ) == 0x10014 01073 480 NtUserGetAncestor (65556, 1, ... ) == 0x0 01071 480 NtUserFillWindow ... ) == 0x1 01031 480 NtUserSetWindowRgn ... ) == 0x1 00958 480 NtUserShowWindow ... ) == 0x0 01074 480 NtUserCallHwndLock (196798, 93, ... 01075 480 NtUserMessageCall (0x300be, WM_PAINT, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 01076 480 NtUserBeginPaint (0x100ee, 1243288, ... 01077 480 NtUserMessageCall (0x100ee, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01076 480 NtUserBeginPaint ... ) == 0x1010052 01078 480 NtUserGetControlBrush (0x100ee, 16842834, 309, ... ) == 0x1100056 01079 480 NtGdiIntersectClipRect (16842834, 0, 0, 75, 23, ... ) == 0x3 01080 480 NtGdiIntersectClipRect (16842834, 3, 3, 72, 20, ... ) == 0x3 01081 480 NtUserEndPaint (0x100ee, 1243288, ... ) == 0x1 01082 480 NtUserBeginPaint (0x100f0, 1243300, ... 01083 480 NtUserMessageCall (0x100f0, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01082 480 NtUserBeginPaint ... ) == 0x1010052 01084 480 NtGdiIntersectClipRect (16842834, 0, 0, 32, 32, ... ) == 0x3 01085 480 NtUserGetControlBrush (0x100f0, 16842834, 312, ... ) == 0x1100056 01086 480 NtGdiGetDCDword (16842834, 7, 1243020, ... ) == 0x1 01087 480 NtUserDrawIconEx (16842834, 0, 0, 65545, 32, 32, 0, 17825878, 3, 0, 1243064, ... ) == 0x1 01088 480 NtUserEndPaint (0x100f0, 1243300, ... ) == 0x1 01089 480 NtUserBeginPaint (0x100f2, 1243300, ... 
01090 480 NtUserMessageCall (0x100f2, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01089 480 NtUserBeginPaint ... ) == 0x1010052 01091 480 NtGdiIntersectClipRect (16842834, 0, 0, 357, 93, ... ) == 0x3 01092 480 NtUserGetControlBrush (0x100f2, 16842834, 312, ... ) == 0x1100056 01093 480 NtGdiGetTextCharsetInfo (16842834, 0, 0, ... ) == 0x0 01094 480 NtUserEndPaint (0x100f2, 1243300, ... ) == 0x1 01074 480 NtUserCallHwndLock ... ) == 0x1 01095 480 NtUserPeekMessage (0, 0, 0, 1, ... 01096 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1241152, ... ) }, 1241152, ... ) == 0x0 01097 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 5, 96, ... 76, {status=0x0, info=1}, ) }, 5, 96, ... 76, {status=0x0, info=1}, ) == 0x0 01098 480 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 76, ... 80, ) == 0x0 01099 480 NtClose (76, ... ) == 0x0 01100 480 NtMapViewOfSection (80, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x870000), 0x0, 45056, ) == 0x0 01101 480 NtClose (80, ... ) == 0x0 01102 480 NtUnmapViewOfSection (-1, 0x870000, ... ) == 0x0 01103 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1241468, ... ) }, 1241468, ... ) == 0x0 01104 480 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1241468, ... ) }, 1241468, ... ) == 0x0 01105 480 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 5, 96, ... 80, {status=0x0, info=1}, ) }, 5, 96, ... 80, {status=0x0, info=1}, ) == 0x0 01106 480 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 80, ... 76, ) == 0x0 01107 480 NtQuerySection (76, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 01108 480 NtClose (80, ... 
) == 0x0 01109 480 NtMapViewOfSection (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x10000000), 0x0, 49152, ) == 0x0 01110 480 NtClose (76, ... ) == 0x0 01111 480 NtProtectVirtualMemory (-1, (0x10006000), 256, 4, ... (0x10006000), 4096, 2, ) == 0x0 01112 480 NtProtectVirtualMemory (-1, (0x10006000), 4096, 2, ... (0x10006000), 4096, 4, ) == 0x0 01113 480 NtFlushInstructionCache (-1, 268460032, 256, ... ) == 0x0 01114 480 NtProtectVirtualMemory (-1, (0x10006000), 256, 4, ... (0x10006000), 4096, 2, ) == 0x0 01115 480 NtProtectVirtualMemory (-1, (0x10006000), 4096, 2, ... (0x10006000), 4096, 4, ) == 0x0 01116 480 NtFlushInstructionCache (-1, 268460032, 256, ... ) == 0x0 01117 480 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 01118 480 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8847360, 65536, ) == 0x0 01119 480 NtAllocateVirtualMemory (-1, 8847360, 0, 4096, 4096, 4, ... 8847360, 4096, ) == 0x0 01120 480 NtAllocateVirtualMemory (-1, 8851456, 0, 8192, 4096, 4, ... 8851456, 8192, ) == 0x0 01121 480 NtQueryPerformanceCounter (... {107343519, 0}, {3579545, 0}, ) == 0x0 01122 480 NtUserMessageCall (0x300be, WM_SETCURSOR, 0x300be, 0x2000001, 0, 670, 0, ... ) == 0x0 01095 480 NtUserPeekMessage ... {0x300be, WM_MOUSEFIRST, 0x0, 0x3100d1, 0x7186, {512, 384}}, ) == 0x1 01123 480 NtOpenProcessToken (-1, 0x8, ... 76, ) == 0x0 01124 480 NtQueryInformationToken (76, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 01125 480 NtClose (76, ... ) == 0x0 01126 480 NtUserCallMsgFilter (1243656, 0, ... ) == 0x0 01127 480 NtUserPeekMessage (0, 0, 0, 1, ... {0x300be, WM_MOUSEFIRST, 0x0, 0x3100d1, 0x7186, {512, 384}}, ) == 0x0 01128 480 NtUserWaitMessage (... 
) == 0x1 01129 480 NtUserPeekMessage (0, 0, 0, 1, ... 01130 480 NtUserMessageCall (0x300be, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 01129 480 NtUserPeekMessage ... {0x300be, WM_MOUSEFIRST, 0x0, 0x3100d1, 0x7186, {512, 384}}, ) == 0x0 01131 480 NtUserWaitMessage (... ) == 0x1 01132 480 NtUserPeekMessage (0, 0, 0, 1, ... 01133 480 NtUserMessageCall (0x300be, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 01132 480 NtUserPeekMessage ... {0x300be, WM_MOUSEFIRST, 0x0, 0x3100d1, 0x7186, {512, 384}}, ) == 0x0 01134 480 NtUserWaitMessage (... ) == 0x1 01135 480 NtUserPeekMessage (0, 0, 0, 1, ... 01136 480 NtUserMessageCall (0x300be, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 01135 480 NtUserPeekMessage ... {0x300be, WM_MOUSEFIRST, 0x0, 0x3100d1, 0x7186, {512, 384}}, ) == 0x0 01137 480 NtUserWaitMessage (...