Summary:





NtAddAtom(>)  1 
NtQueryInformationProcess(>)  1 
NtGdiCreateCompatibleDC(>)  3 
NtUnmapViewOfSection(>)  9 


NtCallbackReturn(>)  1 
NtQueryObject(>)  1 
NtQueryDefaultLocale(>)  3 
NtQueryAttributesFile(>)  11 


NtCreateEvent(>)  1 
NtQuerySymbolicLinkObject(>)  1 
NtSetInformationObject(>)  3 
NtOpenFile(>)  12 


NtCreateFile(>)  1 
NtQueryVolumeInformationFile(>)  1 
NtUserRegisterWindowMessage(>)  3 
NtQueryDebugFilterState(>)  12 


NtDuplicateObject(>)  1 
NtRegisterThreadTerminatePort(>)  1 
NtQuerySection(>)  4 
NtQuerySystemInformation(>)  15 


NtFsControlFile(>)  1 
NtSecureConnectPort(>)  1 
NtGdiGetStockObject(>)  5 
NtOpenSection(>)  20 


NtGdiCreateBitmap(>)  1 
NtSetInformationThread(>)  1 
NtRequestWaitReplyPort(>)  5 
NtQueryValueKey(>)  21 


NtGdiInit(>)  1 
NtTestAlert(>)  1 
NtUserSystemParametersInfo(>)  5 
NtUserFindExistingCursorIcon(>)  24 


NtGdiQueryFontAssocInfo(>)  1 
NtUserCallNoParam(>)  1 
NtOpenProcessTokenEx(>)  6 
NtMapViewOfSection(>)  25 


NtGdiSelectBitmap(>)  1 
NtUserGetDC(>)  1 
NtOpenThreadTokenEx(>)  6 
NtProtectVirtualMemory(>)  26 


NtOpenEvent(>)  1 
NtUserGetThreadDesktop(>)  1 
NtQueryDefaultUILanguage(>)  6 
NtUserRegisterClassExWOW(>)  34 


NtOpenKeyedEvent(>)  1 
NtGdiCreateSolidBrush(>)  2 
NtFreeVirtualMemory(>)  8 
NtUserGetClassInfo(>)  36 


NtOpenMutant(>)  1 
NtOpenDirectoryObject(>)  2 
NtContinue(>)  9 
NtOpenKey(>)  37 


NtOpenProcess(>)  1 
NtOpenProcessToken(>)  2 
NtCreateSection(>)  9 
NtClose(>)  65 


NtOpenSymbolicLinkObject(>)  1 
NtQueryInstallUILanguage(>)  2 
NtFlushInstructionCache(>)  9 
NtAllocateVirtualMemory(>)  279 


NtQueryInformationFile(>)  1 
NtQueryVirtualMemory(>)  2 
NtQueryInformationToken(>)  9 



Trace:

 00001   440   NtOpenKey  (0x80000000, {24, 0, 0x40, 0, 0,  (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00002   440   NtOpenKeyedEvent  (0x2000000, {24, 0, 0x0, 0, 0,  (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0
 00003   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00004   440   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0
 00005   440   NtAllocateVirtualMemory  (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0
 00006   440   NtAllocateVirtualMemory  (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0
 00007   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00008   440   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0
 00009   440   NtAllocateVirtualMemory  (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0
 00010   440   NtOpenDirectoryObject  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0
 00011   440   NtOpenSymbolicLinkObject  (0x1, {24, 8, 0x40, 0, 0,  (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0
 00012   440   NtQuerySymbolicLinkObject  (12, ...  (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0
 00013   440   NtClose  (12, ... ) == 0x0
 00014   440   NtOpenFile  (0x100020, {24, 0, 0x42, 0, 0,  (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0
 00015   440   NtQueryVolumeInformationFile  (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0
 00016   440   NtFsControlFile  (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER
 00017   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00018   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0
 00019   440   NtMapViewOfSection  (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0
 00020   440   NtClose  (16, ... ) == 0x0
 00021   440   NtQuerySystemInformation  (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0
 00022   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00023   440   NtCreateSection  (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0
 00024   440   NtSecureConnectPort  ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) == 0x0
 00025   440   NtClose  (16, ... ) == 0x0
 00026   440   NtQueryObject  (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0
 00027   440   NtSetInformationObject  (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0
 00028   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00029   440   NtQueryVirtualMemory  (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0
 00030   440   NtAllocateVirtualMemory  (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0
 00031   440   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 0, 0, 0, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 436, 440, 1471, 0} "\20\311\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" )  ... {28, 56, reply, 0, 436, 440, 1471, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 436, 440, 1471, 0} "\20\311\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" )  ) == 0x0
 00032   440   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00033   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0
 00034   440   NtQueryValueKey  (16,  (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00035   440   NtClose  (16, ... ) == 0x0
 00036   440   NtAllocateVirtualMemory  (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0
 00037   440   NtOpenMutant  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0
 00038   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 28, ) == 0x0
 00039   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0
 00040   440   NtClose  (28, ... ) == 0x0
 00041   440   NtQueryDefaultLocale  (0, 2012046252, ... ) == 0x0
 00042   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0
 00043   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0
 00044   440   NtClose  (28, ... ) == 0x0
 00045   440   NtOpenSection  (0x5, {24, 0, 0x40, 0, 0,  (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0
 00046   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0
 00047   440   NtQuerySection  (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0
 00048   440   NtClose  (28, ... ) == 0x0
 00049   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0
 00050   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0
 00051   440   NtClose  (28, ... ) == 0x0
 00052   440   NtQueryVirtualMemory  (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0
 00053   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00054   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00055   440   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 436, 440, 1476, 0} "\240B\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" )  ... {28, 56, reply, 0, 436, 440, 1476, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 436, 440, 1476, 0} "\240B\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" )  ) == 0x0
 00056   440   NtProtectVirtualMemory  (-1, (0x93f000), 4096, 4, ... (0x93f000), 4096, 128, ) == 0x0
 00057   440   NtProtectVirtualMemory  (-1, (0x93f000), 4096, 128, ... (0x93f000), 4096, 4, ) == 0x0
 00058   440   NtFlushInstructionCache  (-1, 9695232, 4096, ... ) == 0x0
 00059   440   NtOpenProcessToken  (-1, 0x8, ... 28, ) == 0x0
 00060   440   NtQueryInformationToken  (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00061   440   NtClose  (28, ... ) == 0x0
 00062   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0
 00063   440   NtQueryValueKey  (28,  (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00064   440   NtClose  (28, ... ) == 0x0
 00065   440   NtTestAlert  (... ) == 0x0
 00066   440   NtContinue  (1244464, 1, ...
 00067   440   NtSetInformationThread  (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x401000,}, 4, ... ) == 0x0
 00068   440   NtContinue  (1244400, 0, ...
 00069   440   NtAllocateVirtualMemory  (-1, 0, 0, 6092, 4096, 64, ... 3276800, 8192, ) == 0x0
 00070   440   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 28, ) }, ... 28, ) == 0x0
 00071   440   NtQueryValueKey  (28,  (28, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00072   440   NtClose  (28, ... ) == 0x0
 00073   440   NtAllocateVirtualMemory  (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0
 00074   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00075   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0
 00076   440   NtClose  (28, ... ) == 0x0
 00077   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00078   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0
 00079   440   NtClose  (28, ... ) == 0x0
 00080   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00081   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0
 00082   440   NtClose  (28, ... ) == 0x0
 00083   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00084   440   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0
 00085   440   NtClose  (28, ... ) == 0x0
 00086   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0
 00087   440   NtQueryValueKey  (28,  (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00088   440   NtQueryValueKey  (28,  (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00089   440   NtClose  (28, ... ) == 0x0
 00090   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 28, ) == 0x0
 00091   440   NtQueryValueKey  (28,  (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00092   440   NtClose  (28, ... ) == 0x0
 00093   440   NtOpenKey  (0x2000000, {24, 0, 0x40, 0, 0,  (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0
 00094   440   NtSetInformationObject  (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0
 00095   440   NtOpenKey  (0x20019, {24, 28, 0x40, 0, 0,  (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00096   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00097   440   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0}  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\31\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 436, 440, 1483, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" )  ... {28, 56, reply, 0, 436, 440, 1483, 0}  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\31\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 436, 440, 1483, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" )  ) == 0x0
 00098   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00099   440   NtMapViewOfSection  (32, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x940000), 0x0, 1060864, ) == 0x0
 00100   440   NtCreateEvent  (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0
 00101   440   NtOpenThreadTokenEx  (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN
 00102   440   NtOpenProcessTokenEx  (-1, 0x8, 512, ... -2147482028, ) == 0x0
 00103   440   NtQueryInformationToken  (-2147482028, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL
 00104   440   NtQueryInformationToken  (-2147482028, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00105   440   NtClose  (-2147482028, ... ) == 0x0
 00106   440   NtAllocateVirtualMemory  (-1, 0, 0, 32, 4096, 4, ... 10813440, 4096, ) == 0x0
 00107   440   NtFreeVirtualMemory  (-1, (0xa50000), 4096, 32768, ... (0xa50000), 4096, ) == 0x0
 00108   440   NtDuplicateObject  (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0
 00109   440   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482024, ) }, ... -2147482024, ) == 0x0
 00110   440   NtQueryValueKey  (-2147482024,  (-2147482024, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00111   440   NtClose  (-2147482024, ... ) == 0x0
 00112   440   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482024, ) }, ... -2147482024, ) == 0x0
 00113   440   NtQueryValueKey  (-2147482024,  (-2147482024, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00114   440   NtClose  (-2147482024, ... ) == 0x0
 00115   440   NtQueryDefaultLocale  (0, -136246772, ... ) == 0x0
 00116   440   NtGdiQueryFontAssocInfo  (0, ... ) == 0x0
 00117   440   NtUserCallNoParam  (24, ... ) == 0x0
 00118   440   NtGdiCreateCompatibleDC  (0, ...
 00119   440   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 10813440, 4096, ) == 0x0
 00118   440   NtGdiCreateCompatibleDC  ... ) == 0x160103c9
 00120   440   NtGdiGetStockObject  (0, ... ) == 0x1900010
 00121   440   NtGdiGetStockObject  (4, ... ) == 0x1900011
 00122   440   NtGdiCreateBitmap  (8, 8, 1, 1, 2010393708, ... ) == 0x1105031d
 00123   440   NtGdiCreateSolidBrush  (0, 0, ...
 00124   440   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 14024704, 4096, ) == 0x0
 00123   440   NtGdiCreateSolidBrush  ... ) == 0x341003e4
 00125   440   NtGdiGetStockObject  (13, ... ) == 0x18a0021
 00126   440   NtGdiCreateCompatibleDC  (0, ... ) == 0xc0103e6
 00127   440   NtGdiSelectBitmap  (201393126, 285541149, ... ) == 0x185000f
 00128   440   NtUserGetThreadDesktop  (440, 0, ... ) == 0x2c
 00129   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0
 00130   440   NtQueryValueKey  (52,  (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0
 00131   440   NtClose  (52, ... ) == 0x0
 00132   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00133   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 673, 128, 0, ... ) == 0x810dc017
 00134   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00135   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 674, 128, 0, ... ) == 0x810dc01c
 00136   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00137   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 675, 128, 0, ... ) == 0x810dc01e
 00138   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00139   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 676, 128, 0, ... ) == 0x810d8002
 00140   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10013
 00141   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 677, 128, 0, ... ) == 0x810dc018
 00142   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00143   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 678, 128, 0, ... ) == 0x810dc01a
 00144   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00145   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 679, 128, 0, ... ) == 0x810dc01d
 00146   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00147   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 681, 128, 0, ... ) == 0x810dc026
 00148   440   NtUserFindExistingCursorIcon  (1240824, 1240840, 1241408, ... ) == 0x10011
 00149   440   NtUserRegisterClassExWOW  (1241344, 1241424, 1241408, 1241440, 680, 128, 0, ... ) == 0x810dc019
 00150   440   NtUserRegisterClassExWOW  (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ...
 00151   440   NtAllocateVirtualMemory  (-1, 10973184, 0, 4096, 4096, 32, ... 10973184, 4096, ) == 0x0
 00150   440   NtUserRegisterClassExWOW  ... ) == 0x810dc020
 00152   440   NtUserRegisterClassExWOW  (1241296, 1241372, 1241388, 1241360, 0, 130, 0, ... ) == 0x810dc022
 00153   440   NtUserRegisterClassExWOW  (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ... ) == 0x810dc023
 00154   440   NtUserRegisterClassExWOW  (1241296, 1241372, 1241388, 1241360, 0, 130, 0, ... ) == 0x810dc024
 00155   440   NtUserRegisterClassExWOW  (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ... ) == 0x810dc025
 00156   440   NtCallbackReturn  (0, 0, 0, ...
 00157   440   NtGdiInit  (... ) == 0x1
 00158   440   NtGdiGetStockObject  (18, ... ) == 0x290001c
 00159   440   NtGdiGetStockObject  (19, ... ) == 0x1b00019
 00160   440   NtAllocateVirtualMemory  (-1, 0, 0, 84909, 4096, 64, ... 14090240, 86016, ) == 0x0
 00161   440   NtAllocateVirtualMemory  (-1, 0, 0, 78688, 4096, 4, ... 14221312, 81920, ) == 0x0
 00162   440   NtFreeVirtualMemory  (-1, (0xd90000), 0, 32768, ... (0xd90000), 81920, ) == 0x0
 00163   440   NtProtectVirtualMemory  (-1, (0x401000), 90112, 64, ... (0x401000), 90112, 64, ) == 0x0
 00164   440   NtProtectVirtualMemory  (-1, (0x417000), 4096, 64, ... (0x417000), 4096, 4, ) == 0x0
 00165   440   NtProtectVirtualMemory  (-1, (0x418000), 32768, 64, ... (0x418000), 32768, 4, ) == 0x0
 00166   440   NtProtectVirtualMemory  (-1, (0x420000), 5251072, 64, ... (0x420000), 5251072, 4, ) == 0x0
 00167   440   NtProtectVirtualMemory  (-1, (0x922000), 114688, 64, ... (0x922000), 114688, 4, ) == 0x0
 00168   440   NtProtectVirtualMemory  (-1, (0x93e000), 4096, 64, ... (0x93e000), 4096, 4, ) == 0x0
 00169   440   NtProtectVirtualMemory  (-1, (0x400000), 4096, 4, ... (0x400000), 4096, 2, ) == 0x0
 00170   440   NtProtectVirtualMemory  (-1, (0x400000), 4096, 2, ... (0x400000), 4096, 4, ) == 0x0
 00171   440   NtProtectVirtualMemory  (-1, (0x400000), 4096, 4, ... (0x400000), 4096, 2, ) == 0x0
 00172   440   NtProtectVirtualMemory  (-1, (0x400000), 4096, 2, ... (0x400000), 4096, 4, ) == 0x0
 00173   440   NtFreeVirtualMemory  (-1, (0xd70000), 0, 32768, ... (0xd70000), 86016, ) == 0x0
 00174   440   NtAllocateVirtualMemory  (-1, 0, 0, 8192, 4096, 64, ... 14090240, 8192, ) == 0x0
 00175   440   NtAllocateVirtualMemory  (-1, 0, 0, 90112, 4096, 64, ... 14155776, 90112, ) == 0x0
 00176   440   NtFreeVirtualMemory  (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED
 00177   440   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 4096, 64, ... 14286848, 4096, ) == 0x0
 00178   440   NtFreeVirtualMemory  (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED
 00179   440   NtAllocateVirtualMemory  (-1, 0, 0, 24576, 4096, 64, ... 14352384, 24576, ) == 0x0
 00180   440   NtFreeVirtualMemory  (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED
 00181   440   NtAllocateVirtualMemory  (-1, 0, 0, 8192, 4096, 64, ... 14417920, 8192, ) == 0x0
 00182   440   NtFreeVirtualMemory  (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED
 00183   440   NtAllocateVirtualMemory  (-1, 0, 0, 112717, 4096, 64, ... 14483456, 114688, ) == 0x0
 00184   440   NtFreeVirtualMemory  (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED
 00185   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "MSVCRT.dll"}, ... 52, ) }, ... 52, ) == 0x0
 00186   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 339968, ) == 0x0
 00187   440   NtClose  (52, ... ) == 0x0
 00188   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00189   440   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ... 14614528, 65536, ) == 0x0
 00190   440   NtAllocateVirtualMemory  (-1, 14614528, 0, 4096, 4096, 4, ... 14614528, 4096, ) == 0x0
 00191   440   NtAllocateVirtualMemory  (-1, 14618624, 0, 8192, 4096, 4, ... 14618624, 8192, ) == 0x0
 00192   440   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 52, ) }, ... 52, ) == 0x0
 00193   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0xe00000), 0x0, 12288, ) == 0x0
 00194   440   NtClose  (52, ... ) == 0x0
 00195   440   NtAllocateVirtualMemory  (-1, 14626816, 0, 4096, 4096, 4, ... 14626816, 4096, ) == 0x0
 00196   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00197   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00198   440   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00199   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == 0x0
 00200   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0
 00201   440   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 52, ... 56, ) == 0x0
 00202   440   NtQuerySection  (56, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00203   440   NtOpenProcessToken  (-1, 0x8, ... 60, ) == 0x0
 00204   440   NtQueryInformationToken  (60, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0
 00205   440   NtOpenKey  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00206   440   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 64, ) }, ... 64, ) == 0x0
 00207   440   NtQueryValueKey  (64,  (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00208   440   NtClose  (64, ... ) == 0x0
 00209   440   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00210   440   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... 64, ) == 0x0
 00211   440   NtQueryInformationToken  (64, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00212   440   NtClose  (64, ... ) == 0x0
 00213   440   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00214   440   NtClose  (60, ... ) == 0x0
 00215   440   NtClose  (52, ... ) == 0x0
 00216   440   NtMapViewOfSection  (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 86016, ) == 0x0
 00217   440   NtClose  (56, ... ) == 0x0
 00218   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00219   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00220   440   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00221   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... ) == 0x0
 00222   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0
 00223   440   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 56, ... 52, ) == 0x0
 00224   440   NtQuerySection  (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00225   440   NtClose  (56, ... ) == 0x0
 00226   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0
 00227   440   NtClose  (52, ... ) == 0x0
 00228   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00229   440   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00230   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "SHELL32.dll"}, ... 52, ) }, ... 52, ) == 0x0
 00231   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x773d0000), 0x0, 8339456, ) == 0x0
 00232   440   NtClose  (52, ... ) == 0x0
 00233   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "SHLWAPI.dll"}, ... 52, ) }, ... 52, ) == 0x0
 00234   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x772d0000), 0x0, 405504, ) == 0x0
 00235   440   NtClose  (52, ... ) == 0x0
 00236   440   NtOpenKey  (0x2000000, {24, 28, 0x40, 0, 0,  (0x2000000, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Performance"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00237   440   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SYSTEM\Setup"}, ... 52, ) }, ... 52, ) == 0x0
 00238   440   NtQueryValueKey  (52,  (52, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (52, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00239   440   NtClose  (52, ... ) == 0x0
 00240   440   NtQueryDefaultUILanguage  (1241388, ...
 00241   440   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00242   440   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482028, ) == 0x0
 00243   440   NtQueryInformationToken  (-2147482028, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00244   440   NtClose  (-2147482028, ... ) == 0x0
 00245   440   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482028, ) }, ... -2147482028, ) == 0x0
 00246   440   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00247   440   NtOpenKey  (0x80000000, {24, -2147482028, 0x640, 0, 0,  (0x80000000, {24, -2147482028, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482024, ) }, ... -2147482024, ) == 0x0
 00248   440   NtQueryValueKey  (-2147482024,  (-2147482024, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00249   440   NtClose  (-2147482024, ... ) == 0x0
 00250   440   NtClose  (-2147482028, ... ) == 0x0
 00240   440   NtQueryDefaultUILanguage  ... ) == 0x0
 00251   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00252   440   NtQueryInstallUILanguage  (2012047340, ... ) == 0x0
 00253   440   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll"}, 1, 96, ... 52, {status=0x0, info=1}, ) }, 1, 96, ... 52, {status=0x0, info=1}, ) == 0x0
 00254   440   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 52, ... 56, ) == 0x0
 00255   440   NtMapViewOfSection  (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0xe10000), 0x0, 8323072, ) == 0x0
 00256   440   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Manifest"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00257   440   NtQueryDefaultUILanguage  (2013024600, ...
 00258   440   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00259   440   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482028, ) == 0x0
 00260   440   NtQueryInformationToken  (-2147482028, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00261   440   NtClose  (-2147482028, ... ) == 0x0
 00262   440   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482028, ) }, ... -2147482028, ) == 0x0
 00263   440   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00264   440   NtOpenKey  (0x80000000, {24, -2147482028, 0x640, 0, 0,  (0x80000000, {24, -2147482028, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482024, ) }, ... -2147482024, ) == 0x0
 00265   440   NtQueryValueKey  (-2147482024,  (-2147482024, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00266   440   NtClose  (-2147482024, ... ) == 0x0
 00267   440   NtClose  (-2147482028, ... ) == 0x0
 00257   440   NtQueryDefaultUILanguage  ... ) == 0x0
 00268   440   NtAllocateVirtualMemory  (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0
 00269   440   NtQueryInstallUILanguage  (2013024602, ... ) == 0x0
 00270   440   NtQueryDefaultLocale  (1, 1239424, ... ) == 0x0
 00271   440   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00272   440   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0} "\210\6\31\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\31\14\0\0\0\377\377\377\377\0\0\0\0\20\311\30\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\31\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 440, 1504, 0} " S\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\31\14\0\0\0\377\377\377\377\0\0\0\0\20\311\30\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\31\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" )  ... {128, 156, reply, 0, 436, 440, 1504, 0}  (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0} "\210\6\31\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\31\14\0\0\0\377\377\377\377\0\0\0\0\20\311\30\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\31\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 440, 1504, 0} " S\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\31\14\0\0\0\377\377\377\377\0\0\0\0\20\311\30\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\31\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" )  ) == 0x0
 00273   440   NtClose  (52, ... ) == 0x0
 00274   440   NtClose  (56, ... ) == 0x0
 00275   440   NtUnmapViewOfSection  (-1, 0xe10000, ... ) == 0x0
 00276   440   NtUnmapViewOfSection  (-1, 0x12f3d8, ... ) == STATUS_NOT_MAPPED_VIEW
 00277   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00278   440   NtAllocateVirtualMemory  (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0
 00279   440   NtOpenKey  (0x8, {24, 0, 0x40, 0, 0,  (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00280   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00281   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00282   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1238508, ... ) }, 1238508, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00283   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00284   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00285   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00286   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1239100, ... ) }, 1239100, ... ) == 0x0
 00287   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... 56, {status=0x0, info=1}, ) }, 3, 33, ... 56, {status=0x0, info=1}, ) == 0x0
 00288   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00289   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0
 00290   440   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 52, ... 60, ) == 0x0
 00291   440   NtClose  (52, ... ) == 0x0
 00292   440   NtMapViewOfSection  (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xe10000), 0x0, 921600, ) == 0x0
 00293   440   NtClose  (60, ... ) == 0x0
 00294   440   NtUnmapViewOfSection  (-1, 0xe10000, ... ) == 0x0
 00295   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 60, {status=0x0, info=1}, ) }, 5, 96, ... 60, {status=0x0, info=1}, ) == 0x0
 00296   440   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 60, ... 52, ) == 0x0
 00297   440   NtQuerySection  (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00298   440   NtClose  (60, ... ) == 0x0
 00299   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71950000), 0x0, 933888, ) == 0x0
 00300   440   NtClose  (52, ... ) == 0x0
 00301   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00302   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00303   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00304   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00305   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00306   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00307   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00308   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00309   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00310   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00311   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00312   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00313   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00314   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00315   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00316   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00317   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00318   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00319   440   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00320   440   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00321   440   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00322   440   NtAddAtom  ( ("T\0h\0e\0m\0e\0P\0r\0o\0p\0S\0c\0r\0o\0l\0l\0B\0a\0r\0C\0t\0l\0", 42, 1240284, ... ) , 42, 1240284, ... ) == 0x0
 00323   440   NtQueryDefaultUILanguage  (1239000, ...
 00324   440   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00325   440   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482028, ) == 0x0
 00326   440   NtQueryInformationToken  (-2147482028, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00327   440   NtClose  (-2147482028, ... ) == 0x0
 00328   440   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482028, ) }, ... -2147482028, ) == 0x0
 00329   440   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00330   440   NtOpenKey  (0x80000000, {24, -2147482028, 0x640, 0, 0,  (0x80000000, {24, -2147482028, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482024, ) }, ... -2147482024, ) == 0x0
 00331   440   NtQueryValueKey  (-2147482024,  (-2147482024, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00332   440   NtClose  (-2147482024, ... ) == 0x0
 00333   440   NtClose  (-2147482028, ... ) == 0x0
 00323   440   NtQueryDefaultUILanguage  ... ) == 0x0
 00334   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00335   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237852, ... ) }, 1237852, ... ) == 0x0
 00336   440   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0
 00337   440   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 52, ... 60, ) == 0x0
 00338   440   NtClose  (52, ... ) == 0x0
 00339   440   NtMapViewOfSection  (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xe10000), 0x0, 4096, ) == 0x0
 00340   440   NtClose  (60, ... ) == 0x0
 00341   440   NtUnmapViewOfSection  (-1, 0xe10000, ... ) == 0x0
 00342   440   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237492, ... ) }, 1237492, ... ) == 0x0
 00343   440   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1238192,  (0x80100080, {24, 0, 0x40, 0, 1238192, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 0x0, 0, 5, 1, 96, 0, 0, ... 60, {status=0x0, info=1}, ) }, 0x0, 0, 5, 1, 96, 0, 0, ... 60, {status=0x0, info=1}, ) == 0x0
 00344   440   NtCreateSection  (0xf0005, 0x0, 0x0, 2, 134217728, 60, ... 52, ) == 0x0
 00345   440   NtClose  (60, ... ) == 0x0
 00346   440   NtMapViewOfSection  (52, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0xe10000), {0, 0}, 4096, ) == 0x0
 00347   440   NtClose  (52, ... ) == 0x0
 00348   440   NtUnmapViewOfSection  (-1, 0xe10000, ... ) == 0x0
 00349   440   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1, 96, ... 52, {status=0x0, info=1}, ) }, 1, 96, ... 52, {status=0x0, info=1}, ) == 0x0
 00350   440   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 52, ... 60, ) == 0x0
 00351   440   NtMapViewOfSection  (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0xe10000), 0x0, 4096, ) == 0x0
 00352   440   NtQueryInformationFile  (52, 1237812, 56, NetworkOpen, ... {status=0x0, info=56}, ) == 0x0
 00353   440   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00354   440   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0} "\210\6\31\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\31\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\31\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 440, 1505, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\31\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\31\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" )  ... {128, 156, reply, 0, 436, 440, 1505, 0}  (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0} "\210\6\31\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\31\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\31\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 440, 1505, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\31\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\31\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" )  ) == 0x0
 00355   440   NtClose  (52, ... ) == 0x0
 00356   440   NtClose  (60, ... ) == 0x0
 00357   440   NtUnmapViewOfSection  (-1, 0xe10000, ... ) == 0x0
 00358   440   NtUnmapViewOfSection  (-1, 0x12ea84, ... ) == STATUS_NOT_MAPPED_VIEW
 00359   440   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00360   440   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a
 00361   440   NtUserSystemParametersInfo  (104, 0, 1906151468, 0, ... ) == 0x1
 00362   440   NtUserGetDC  (0, ... ) == 0x1010050
 00363   440   NtQueryDebugFilterState  (87, 3, ... ) == 0x0
 00364   440   NtQueryDebugFilterState  (87, 3, ... ) == 0x0
 00365   440   NtContinue  (1237848, 0, ...
 00366   440   NtQueryDebugFilterState  (87, 3, ... ) == 0x0
 00367   440   NtUnmapViewOfSection  (-1, 0x71950000, ... ) == 0x0
 00368   440   NtQueryDebugFilterState  (87, 3, ... ) == 0x0
 00369   440   NtUnmapViewOfSection  (-1, 0x1600000, ... ) == 0x0
 00370   440   NtClose  (56, ... ) == 0x0
 00371   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "comctl32.dll"}, ... 56, ) }, ... 56, ) == 0x0
 00372   440   NtMapViewOfSection  (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77340000), 0x0, 569344, ) == 0x0
 00373   440   NtClose  (56, ... ) == 0x0
 00374   440   NtOpenProcess  (0x400, {24, 0, 0x0, 0, 0, 0x0}, {436, 0}, ... 56, ) == 0x0
 00375   440   NtQueryInformationProcess  (56, Session, 4, ... {SessionId=0,}, 0x0, ) == 0x0
 00376   440   NtClose  (56, ... ) == 0x0
 00377   440   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a
 00378   440   NtUserSystemParametersInfo  (104, 0, 2000318720, 0, ... ) == 0x1
 00379   440   NtUserSystemParametersInfo  (38, 4, 2000318708, 0, ... ) == 0x1
 00380   440   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00381   440   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... 56, ) == 0x0
 00382   440   NtQueryInformationToken  (56, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00383   440   NtClose  (56, ... ) == 0x0
 00384   440   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 56, ) }, ... 56, ) == 0x0
 00385   440   NtSetInformationObject  (56, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ... ) == 0x0
 00386   440   NtOpenKey  (0x20019, {24, 56, 0x40, 0, 0,  (0x20019, {24, 56, 0x40, 0, 0, "Control Panel\Desktop"}, ... 60, ) }, ... 60, ) == 0x0
 00387   440   NtQueryValueKey  (60,  (60, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00388   440   NtClose  (60, ... ) == 0x0
 00389   440   NtUserSystemParametersInfo  (41, 500, 1239872, 0, ... ) == 0x1
 00390   440   NtUserSystemParametersInfo  (102, 0, 2000318732, 0, ... ) == 0x1
 00391   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00392   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00393   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03b
 00394   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00395   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03d
 00396   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00397   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00398   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03f
 00399   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00400   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00401   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc041
 00402   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00403   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00404   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc043
 00405   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00406   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc045
 00407   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00408   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00409   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc047
 00410   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00411   440   NtUserFindExistingCursorIcon  (1239660, 1239676, 1240244, ... ) == 0x10011
 00412   440   NtUserRegisterClassExWOW  (1240112, 1240192, 1240176, 1240208, 0, 384, 0, ... ) == 0x810dc049
 00413   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00414   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00415   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04b
 00416   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00417   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00418   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04d
 00419   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00420   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00421   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04f
 00422   440   NtUserGetClassInfo  (1999896576, 1240284, 1240236, 1240312, 0, ... ) == 0x0
 00423   440   NtUserRegisterClassExWOW  (1240120, 1240200, 1240184, 1240216, 0, 384, 0, ... ) == 0x810dc051
 00424   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00425   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00426   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc053
 00427   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00428   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00429   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc055
 00430   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc057
 00431   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00432   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00433   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc059
 00434   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00435   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10013
 00436   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05b
 00437   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00438   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00439   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05d
 00440   440   NtUserGetClassInfo  (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0
 00441   440   NtUserFindExistingCursorIcon  (1239664, 1239680, 1240248, ... ) == 0x10011
 00442   440   NtUserRegisterClassExWOW  (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05f
 00443   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03b
 00444   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03d
 00445   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03f
 00446   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc041
 00447   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc043
 00448   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc045
 00449   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc047
 00450   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc049
 00451   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc04b
 00452   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc04d
 00453   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc04f
 00454   440   NtUserGetClassInfo  (1999896576, 1243128, 1243080, 1243156, 0, ... ) == 0xc051
 00455   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc053
 00456   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc055
 00457   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc059
 00458   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05b
 00459   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05d
 00460   440   NtUserGetClassInfo  (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05f
 00461   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLEAUT32.dll"}, ... 60, ) }, ... 60, ) == 0x0
 00462   440   NtMapViewOfSection  (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77120000), 0x0, 569344, ) == 0x0
 00463   440   NtClose  (60, ... ) == 0x0
 00464   440   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLE32.DLL"}, ... 60, ) }, ... 60, ) == 0x0
 00465   440   NtMapViewOfSection  (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x771b0000), 0x0, 1155072, ) == 0x0
 00466   440   NtClose  (60, ... ) == 0x0
 00467   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00468   440   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00469   440   NtOpenKey  (0x20019, {24, 28, 0x40, 0, 0,  (0x20019, {24, 28, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Control\Session Manager"}, ... 60, ) }, ... 60, ) == 0x0
 00470   440   NtQueryValueKey  (60,  (60, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) }, 16, ) == 0x0
 00471   440   NtClose  (60, ... ) == 0x0
 00472   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00473   440   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00474   440   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00475   440   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00476   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface"}, ... 60, ) }, ... 60, ) == 0x0
 00477   440   NtQueryValueKey  (60,  (60, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00478   440   NtQueryValueKey  (60,  (60, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00479   440   NtQueryValueKey  (60,  (60, "InterfaceHelperDisableTypeLib", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00480   440   NtClose  (60, ... ) == 0x0
 00481   440   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}"}, ... 60, ) }, ... 60, ) == 0x0
 00482   440   NtQueryValueKey  (60,  (60, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00483   440   NtQueryValueKey  (60,  (60, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00484   440   NtClose  (60, ... ) == 0x0
 00485   440   NtOpenDirectoryObject  (0x2000f, {24, 0, 0x40, 0, 0,  (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 60, ) }, ... 60, ) == 0x0
 00486   440   NtOpenEvent  (0x1f0003, {24, 60, 0x0, 0, 0,  (0x1f0003, {24, 60, 0x0, 0, 0, "HookSwitchHookEnabledEvent"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00487   440   NtUserRegisterWindowMessage  ( ("{FB8F0821-0164-101B-84ED-08002B2EC713}", ... ) , ... ) == 0xc07b
 00488   440   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00489   440   NtOpenKey  (0x9, {24, 28, 0x40, 0, 0,  (0x9, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT\UserEra"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00490   440   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00491   440   NtContinue  (1242868, 0, ...
 00492   440   NtAllocateVirtualMemory  (-1, 0, 0, 4243456, 4096, 64, ... 14876672, 4243456, ) == 0x0
 00493   440   NtContinue  (1243400, 0, ...
 00494   440   NtContinue  (1243400, 0, ...
 00495   440   NtContinue  (1243400, 0, ...
 00496   440   NtAllocateVirtualMemory  (-1, 1224704, 0, 4096, 4096, 260, ... 1224704, 4096, ) == 0x0
 00497   440   NtAllocateVirtualMemory  (-1, 1220608, 0, 4096, 4096, 260, ... 1220608, 4096, ) == 0x0
 00498   440   NtAllocateVirtualMemory  (-1, 1216512, 0, 4096, 4096, 260, ... 1216512, 4096, ) == 0x0
 00499   440   NtAllocateVirtualMemory  (-1, 1212416, 0, 4096, 4096, 260, ... 1212416, 4096, ) == 0x0
 00500   440   NtAllocateVirtualMemory  (-1, 1208320, 0, 4096, 4096, 260, ... 1208320, 4096, ) == 0x0
 00501   440   NtAllocateVirtualMemory  (-1, 1204224, 0, 4096, 4096, 260, ... 1204224, 4096, ) == 0x0
 00502   440   NtAllocateVirtualMemory  (-1, 1200128, 0, 4096, 4096, 260, ... 1200128, 4096, ) == 0x0
 00503   440   NtAllocateVirtualMemory  (-1, 1196032, 0, 4096, 4096, 260, ... 1196032, 4096, ) == 0x0
 00504   440   NtAllocateVirtualMemory  (-1, 1191936, 0, 4096, 4096, 260, ... 1191936, 4096, ) == 0x0
 00505   440   NtAllocateVirtualMemory  (-1, 1187840, 0, 4096, 4096, 260, ... 1187840, 4096, ) == 0x0
 00506   440   NtAllocateVirtualMemory  (-1, 1183744, 0, 4096, 4096, 260, ... 1183744, 4096, ) == 0x0
 00507   440   NtAllocateVirtualMemory  (-1, 1179648, 0, 4096, 4096, 260, ... 1179648, 4096, ) == 0x0
 00508   440   NtAllocateVirtualMemory  (-1, 1175552, 0, 4096, 4096, 260, ... 1175552, 4096, ) == 0x0
 00509   440   NtAllocateVirtualMemory  (-1, 1171456, 0, 4096, 4096, 260, ... 1171456, 4096, ) == 0x0
 00510   440   NtAllocateVirtualMemory  (-1, 1167360, 0, 4096, 4096, 260, ... 1167360, 4096, ) == 0x0
 00511   440   NtAllocateVirtualMemory  (-1, 1163264, 0, 4096, 4096, 260, ... 1163264, 4096, ) == 0x0
 00512   440   NtAllocateVirtualMemory  (-1, 1159168, 0, 4096, 4096, 260, ... 1159168, 4096, ) == 0x0
 00513   440   NtAllocateVirtualMemory  (-1, 1155072, 0, 4096, 4096, 260, ... 1155072, 4096, ) == 0x0
 00514   440   NtAllocateVirtualMemory  (-1, 1150976, 0, 4096, 4096, 260, ... 1150976, 4096, ) == 0x0
 00515   440   NtAllocateVirtualMemory  (-1, 1146880, 0, 4096, 4096, 260, ... 1146880, 4096, ) == 0x0
 00516   440   NtAllocateVirtualMemory  (-1, 1142784, 0, 4096, 4096, 260, ... 1142784, 4096, ) == 0x0
 00517   440   NtAllocateVirtualMemory  (-1, 1138688, 0, 4096, 4096, 260, ... 1138688, 4096, ) == 0x0
 00518   440   NtAllocateVirtualMemory  (-1, 1134592, 0, 4096, 4096, 260, ... 1134592, 4096, ) == 0x0
 00519   440   NtAllocateVirtualMemory  (-1, 1130496, 0, 4096, 4096, 260, ... 1130496, 4096, ) == 0x0
 00520   440   NtAllocateVirtualMemory  (-1, 1126400, 0, 4096, 4096, 260, ... 1126400, 4096, ) == 0x0
 00521   440   NtAllocateVirtualMemory  (-1, 1122304, 0, 4096, 4096, 260, ... 1122304, 4096, ) == 0x0
 00522   440   NtAllocateVirtualMemory  (-1, 1118208, 0, 4096, 4096, 260, ... 1118208, 4096, ) == 0x0
 00523   440   NtAllocateVirtualMemory  (-1, 1114112, 0, 4096, 4096, 260, ... 1114112, 4096, ) == 0x0
 00524   440   NtAllocateVirtualMemory  (-1, 1110016, 0, 4096, 4096, 260, ... 1110016, 4096, ) == 0x0
 00525   440   NtAllocateVirtualMemory  (-1, 1105920, 0, 4096, 4096, 260, ... 1105920, 4096, ) == 0x0
 00526   440   NtAllocateVirtualMemory  (-1, 1101824, 0, 4096, 4096, 260, ... 1101824, 4096, ) == 0x0
 00527   440   NtAllocateVirtualMemory  (-1, 1097728, 0, 4096, 4096, 260, ... 1097728, 4096, ) == 0x0
 00528   440   NtAllocateVirtualMemory  (-1, 1093632, 0, 4096, 4096, 260, ... 1093632, 4096, ) == 0x0
 00529   440   NtAllocateVirtualMemory  (-1, 1089536, 0, 4096, 4096, 260, ... 1089536, 4096, ) == 0x0
 00530   440   NtAllocateVirtualMemory  (-1, 1085440, 0, 4096, 4096, 260, ... 1085440, 4096, ) == 0x0
 00531   440   NtAllocateVirtualMemory  (-1, 1081344, 0, 4096, 4096, 260, ... 1081344, 4096, ) == 0x0
 00532   440   NtAllocateVirtualMemory  (-1, 1077248, 0, 4096, 4096, 260, ... 1077248, 4096, ) == 0x0
 00533   440   NtAllocateVirtualMemory  (-1, 1073152, 0, 4096, 4096, 260, ... 1073152, 4096, ) == 0x0
 00534   440   NtAllocateVirtualMemory  (-1, 1069056, 0, 4096, 4096, 260, ... 1069056, 4096, ) == 0x0
 00535   440   NtAllocateVirtualMemory  (-1, 1064960, 0, 4096, 4096, 260, ... 1064960, 4096, ) == 0x0
 00536   440   NtAllocateVirtualMemory  (-1, 1060864, 0, 4096, 4096, 260, ... 1060864, 4096, ) == 0x0
 00537   440   NtAllocateVirtualMemory  (-1, 1056768, 0, 4096, 4096, 260, ... 1056768, 4096, ) == 0x0
 00538   440   NtAllocateVirtualMemory  (-1, 1052672, 0, 4096, 4096, 260, ... 1052672, 4096, ) == 0x0
 00539   440   NtAllocateVirtualMemory  (-1, 1048576, 0, 4096, 4096, 260, ... 1048576, 4096, ) == 0x0
 00540   440   NtAllocateVirtualMemory  (-1, 1044480, 0, 4096, 4096, 260, ... 1044480, 4096, ) == 0x0
 00541   440   NtAllocateVirtualMemory  (-1, 1040384, 0, 4096, 4096, 260, ... 1040384, 4096, ) == 0x0
 00542   440   NtAllocateVirtualMemory  (-1, 1036288, 0, 4096, 4096, 260, ... 1036288, 4096, ) == 0x0
 00543   440   NtAllocateVirtualMemory  (-1, 1032192, 0, 4096, 4096, 260, ... 1032192, 4096, ) == 0x0
 00544   440   NtAllocateVirtualMemory  (-1, 1028096, 0, 4096, 4096, 260, ... 1028096, 4096, ) == 0x0
 00545   440   NtAllocateVirtualMemory  (-1, 1024000, 0, 4096, 4096, 260, ... 1024000, 4096, ) == 0x0
 00546   440   NtAllocateVirtualMemory  (-1, 1019904, 0, 4096, 4096, 260, ... 1019904, 4096, ) == 0x0
 00547   440   NtAllocateVirtualMemory  (-1, 1015808, 0, 4096, 4096, 260, ... 1015808, 4096, ) == 0x0
 00548   440   NtAllocateVirtualMemory  (-1, 1011712, 0, 4096, 4096, 260, ... 1011712, 4096, ) == 0x0
 00549   440   NtAllocateVirtualMemory  (-1, 1007616, 0, 4096, 4096, 260, ... 1007616, 4096, ) == 0x0
 00550   440   NtAllocateVirtualMemory  (-1, 1003520, 0, 4096, 4096, 260, ... 1003520, 4096, ) == 0x0
 00551   440   NtAllocateVirtualMemory  (-1, 999424, 0, 4096, 4096, 260, ... 999424, 4096, ) == 0x0
 00552   440   NtAllocateVirtualMemory  (-1, 995328, 0, 4096, 4096, 260, ... 995328, 4096, ) == 0x0
 00553   440   NtAllocateVirtualMemory  (-1, 991232, 0, 4096, 4096, 260, ... 991232, 4096, ) == 0x0
 00554   440   NtAllocateVirtualMemory  (-1, 987136, 0, 4096, 4096, 260, ... 987136, 4096, ) == 0x0
 00555   440   NtAllocateVirtualMemory  (-1, 983040, 0, 4096, 4096, 260, ... 983040, 4096, ) == 0x0
 00556   440   NtAllocateVirtualMemory  (-1, 978944, 0, 4096, 4096, 260, ... 978944, 4096, ) == 0x0
 00557   440   NtAllocateVirtualMemory  (-1, 974848, 0, 4096, 4096, 260, ... 974848, 4096, ) == 0x0
 00558   440   NtAllocateVirtualMemory  (-1, 970752, 0, 4096, 4096, 260, ... 970752, 4096, ) == 0x0
 00559   440   NtAllocateVirtualMemory  (-1, 966656, 0, 4096, 4096, 260, ... 966656, 4096, ) == 0x0
 00560   440   NtAllocateVirtualMemory  (-1, 962560, 0, 4096, 4096, 260, ... 962560, 4096, ) == 0x0
 00561   440   NtAllocateVirtualMemory  (-1, 958464, 0, 4096, 4096, 260, ... 958464, 4096, ) == 0x0
 00562   440   NtAllocateVirtualMemory  (-1, 954368, 0, 4096, 4096, 260, ... 954368, 4096, ) == 0x0
 00563   440   NtAllocateVirtualMemory  (-1, 950272, 0, 4096, 4096, 260, ... 950272, 4096, ) == 0x0
 00564   440   NtAllocateVirtualMemory  (-1, 946176, 0, 4096, 4096, 260, ... 946176, 4096, ) == 0x0
 00565   440   NtAllocateVirtualMemory  (-1, 942080, 0, 4096, 4096, 260, ... 942080, 4096, ) == 0x0
 00566   440   NtAllocateVirtualMemory  (-1, 937984, 0, 4096, 4096, 260, ... 937984, 4096, ) == 0x0
 00567   440   NtAllocateVirtualMemory  (-1, 933888, 0, 4096, 4096, 260, ... 933888, 4096, ) == 0x0
 00568   440   NtAllocateVirtualMemory  (-1, 929792, 0, 4096, 4096, 260, ... 929792, 4096, ) == 0x0
 00569   440   NtAllocateVirtualMemory  (-1, 925696, 0, 4096, 4096, 260, ... 925696, 4096, ) == 0x0
 00570   440   NtAllocateVirtualMemory  (-1, 921600, 0, 4096, 4096, 260, ... 921600, 4096, ) == 0x0
 00571   440   NtAllocateVirtualMemory  (-1, 917504, 0, 4096, 4096, 260, ... 917504, 4096, ) == 0x0
 00572   440   NtAllocateVirtualMemory  (-1, 913408, 0, 4096, 4096, 260, ... 913408, 4096, ) == 0x0
 00573   440   NtAllocateVirtualMemory  (-1, 909312, 0, 4096, 4096, 260, ... 909312, 4096, ) == 0x0
 00574   440   NtAllocateVirtualMemory  (-1, 905216, 0, 4096, 4096, 260, ... 905216, 4096, ) == 0x0
 00575   440   NtAllocateVirtualMemory  (-1, 901120, 0, 4096, 4096, 260, ... 901120, 4096, ) == 0x0
 00576   440   NtAllocateVirtualMemory  (-1, 897024, 0, 4096, 4096, 260, ... 897024, 4096, ) == 0x0
 00577   440   NtAllocateVirtualMemory  (-1, 892928, 0, 4096, 4096, 260, ... 892928, 4096, ) == 0x0
 00578   440   NtAllocateVirtualMemory  (-1, 888832, 0, 4096, 4096, 260, ... 888832, 4096, ) == 0x0
 00579   440   NtAllocateVirtualMemory  (-1, 884736, 0, 4096, 4096, 260, ... 884736, 4096, ) == 0x0
 00580   440   NtAllocateVirtualMemory  (-1, 880640, 0, 4096, 4096, 260, ... 880640, 4096, ) == 0x0
 00581   440   NtAllocateVirtualMemory  (-1, 876544, 0, 4096, 4096, 260, ... 876544, 4096, ) == 0x0
 00582   440   NtAllocateVirtualMemory  (-1, 872448, 0, 4096, 4096, 260, ... 872448, 4096, ) == 0x0
 00583   440   NtAllocateVirtualMemory  (-1, 868352, 0, 4096, 4096, 260, ... 868352, 4096, ) == 0x0
 00584   440   NtAllocateVirtualMemory  (-1, 864256, 0, 4096, 4096, 260, ... 864256, 4096, ) == 0x0
 00585   440   NtAllocateVirtualMemory  (-1, 860160, 0, 4096, 4096, 260, ... 860160, 4096, ) == 0x0
 00586   440   NtAllocateVirtualMemory  (-1, 856064, 0, 4096, 4096, 260, ... 856064, 4096, ) == 0x0
 00587   440   NtAllocateVirtualMemory  (-1, 851968, 0, 4096, 4096, 260, ... 851968, 4096, ) == 0x0
 00588   440   NtAllocateVirtualMemory  (-1, 847872, 0, 4096, 4096, 260, ... 847872, 4096, ) == 0x0
 00589   440   NtAllocateVirtualMemory  (-1, 843776, 0, 4096, 4096, 260, ... 843776, 4096, ) == 0x0
 00590   440   NtAllocateVirtualMemory  (-1, 839680, 0, 4096, 4096, 260, ... 839680, 4096, ) == 0x0
 00591   440   NtAllocateVirtualMemory  (-1, 835584, 0, 4096, 4096, 260, ... 835584, 4096, ) == 0x0
 00592   440   NtAllocateVirtualMemory  (-1, 831488, 0, 4096, 4096, 260, ... 831488, 4096, ) == 0x0
 00593   440   NtAllocateVirtualMemory  (-1, 827392, 0, 4096, 4096, 260, ... 827392, 4096, ) == 0x0
 00594   440   NtAllocateVirtualMemory  (-1, 823296, 0, 4096, 4096, 260, ... 823296, 4096, ) == 0x0
 00595   440   NtAllocateVirtualMemory  (-1, 819200, 0, 4096, 4096, 260, ... 819200, 4096, ) == 0x0
 00596   440   NtAllocateVirtualMemory  (-1, 815104, 0, 4096, 4096, 260, ... 815104, 4096, ) == 0x0
 00597   440   NtAllocateVirtualMemory  (-1, 811008, 0, 4096, 4096, 260, ... 811008, 4096, ) == 0x0
 00598   440   NtAllocateVirtualMemory  (-1, 806912, 0, 4096, 4096, 260, ... 806912, 4096, ) == 0x0
 00599   440   NtAllocateVirtualMemory  (-1, 802816, 0, 4096, 4096, 260, ... 802816, 4096, ) == 0x0
 00600   440   NtAllocateVirtualMemory  (-1, 798720, 0, 4096, 4096, 260, ... 798720, 4096, ) == 0x0
 00601   440   NtAllocateVirtualMemory  (-1, 794624, 0, 4096, 4096, 260, ... 794624, 4096, ) == 0x0
 00602   440   NtAllocateVirtualMemory  (-1, 790528, 0, 4096, 4096, 260, ... 790528, 4096, ) == 0x0
 00603   440   NtAllocateVirtualMemory  (-1, 786432, 0, 4096, 4096, 260, ... 786432, 4096, ) == 0x0
 00604   440   NtAllocateVirtualMemory  (-1, 782336, 0, 4096, 4096, 260, ... 782336, 4096, ) == 0x0
 00605   440   NtAllocateVirtualMemory  (-1, 778240, 0, 4096, 4096, 260, ... 778240, 4096, ) == 0x0
 00606   440   NtAllocateVirtualMemory  (-1, 774144, 0, 4096, 4096, 260, ... 774144, 4096, ) == 0x0
 00607   440   NtAllocateVirtualMemory  (-1, 770048, 0, 4096, 4096, 260, ... 770048, 4096, ) == 0x0
 00608   440   NtAllocateVirtualMemory  (-1, 765952, 0, 4096, 4096, 260, ... 765952, 4096, ) == 0x0
 00609   440   NtAllocateVirtualMemory  (-1, 761856, 0, 4096, 4096, 260, ... 761856, 4096, ) == 0x0
 00610   440   NtAllocateVirtualMemory  (-1, 757760, 0, 4096, 4096, 260, ... 757760, 4096, ) == 0x0
 00611   440   NtAllocateVirtualMemory  (-1, 753664, 0, 4096, 4096, 260, ... 753664, 4096, ) == 0x0
 00612   440   NtAllocateVirtualMemory  (-1, 749568, 0, 4096, 4096, 260, ... 749568, 4096, ) == 0x0
 00613   440   NtAllocateVirtualMemory  (-1, 745472, 0, 4096, 4096, 260, ... 745472, 4096, ) == 0x0
 00614   440   NtAllocateVirtualMemory  (-1, 741376, 0, 4096, 4096, 260, ... 741376, 4096, ) == 0x0
 00615   440   NtAllocateVirtualMemory  (-1, 737280, 0, 4096, 4096, 260, ... 737280, 4096, ) == 0x0
 00616   440   NtAllocateVirtualMemory  (-1, 733184, 0, 4096, 4096, 260, ... 733184, 4096, ) == 0x0
 00617   440   NtAllocateVirtualMemory  (-1, 729088, 0, 4096, 4096, 260, ... 729088, 4096, ) == 0x0
 00618   440   NtAllocateVirtualMemory  (-1, 724992, 0, 4096, 4096, 260, ... 724992, 4096, ) == 0x0
 00619   440   NtAllocateVirtualMemory  (-1, 720896, 0, 4096, 4096, 260, ... 720896, 4096, ) == 0x0
 00620   440   NtAllocateVirtualMemory  (-1, 716800, 0, 4096, 4096, 260, ... 716800, 4096, ) == 0x0
 00621   440   NtAllocateVirtualMemory  (-1, 712704, 0, 4096, 4096, 260, ... 712704, 4096, ) == 0x0
 00622   440   NtAllocateVirtualMemory  (-1, 708608, 0, 4096, 4096, 260, ... 708608, 4096, ) == 0x0
 00623   440   NtAllocateVirtualMemory  (-1, 704512, 0, 4096, 4096, 260, ... 704512, 4096, ) == 0x0
 00624   440   NtAllocateVirtualMemory  (-1, 700416, 0, 4096, 4096, 260, ... 700416, 4096, ) == 0x0
 00625   440   NtAllocateVirtualMemory  (-1, 696320, 0, 4096, 4096, 260, ... 696320, 4096, ) == 0x0
 00626   440   NtAllocateVirtualMemory  (-1, 692224, 0, 4096, 4096, 260, ... 692224, 4096, ) == 0x0
 00627   440   NtAllocateVirtualMemory  (-1, 688128, 0, 4096, 4096, 260, ... 688128, 4096, ) == 0x0
 00628   440   NtAllocateVirtualMemory  (-1, 684032, 0, 4096, 4096, 260, ... 684032, 4096, ) == 0x0
 00629   440   NtAllocateVirtualMemory  (-1, 679936, 0, 4096, 4096, 260, ... 679936, 4096, ) == 0x0
 00630   440   NtAllocateVirtualMemory  (-1, 675840, 0, 4096, 4096, 260, ... 675840, 4096, ) == 0x0
 00631   440   NtAllocateVirtualMemory  (-1, 671744, 0, 4096, 4096, 260, ... 671744, 4096, ) == 0x0
 00632   440   NtAllocateVirtualMemory  (-1, 667648, 0, 4096, 4096, 260, ... 667648, 4096, ) == 0x0
 00633   440   NtAllocateVirtualMemory  (-1, 663552, 0, 4096, 4096, 260, ... 663552, 4096, ) == 0x0
 00634   440   NtAllocateVirtualMemory  (-1, 659456, 0, 4096, 4096, 260, ... 659456, 4096, ) == 0x0
 00635   440   NtAllocateVirtualMemory  (-1, 655360, 0, 4096, 4096, 260, ... 655360, 4096, ) == 0x0
 00636   440   NtAllocateVirtualMemory  (-1, 651264, 0, 4096, 4096, 260, ... 651264, 4096, ) == 0x0
 00637   440   NtAllocateVirtualMemory  (-1, 647168, 0, 4096, 4096, 260, ... 647168, 4096, ) == 0x0
 00638   440   NtAllocateVirtualMemory  (-1, 643072, 0, 4096, 4096, 260, ... 643072, 4096, ) == 0x0
 00639   440   NtAllocateVirtualMemory  (-1, 638976, 0, 4096, 4096, 260, ... 638976, 4096, ) == 0x0
 00640   440   NtAllocateVirtualMemory  (-1, 634880, 0, 4096, 4096, 260, ... 634880, 4096, ) == 0x0
 00641   440   NtAllocateVirtualMemory  (-1, 630784, 0, 4096, 4096, 260, ... 630784, 4096, ) == 0x0
 00642   440   NtAllocateVirtualMemory  (-1, 626688, 0, 4096, 4096, 260, ... 626688, 4096, ) == 0x0
 00643   440   NtAllocateVirtualMemory  (-1, 622592, 0, 4096, 4096, 260, ... 622592, 4096, ) == 0x0
 00644   440   NtAllocateVirtualMemory  (-1, 618496, 0, 4096, 4096, 260, ... 618496, 4096, ) == 0x0
 00645   440   NtAllocateVirtualMemory  (-1, 614400, 0, 4096, 4096, 260, ... 614400, 4096, ) == 0x0
 00646   440   NtAllocateVirtualMemory  (-1, 610304, 0, 4096, 4096, 260, ... 610304, 4096, ) == 0x0
 00647   440   NtAllocateVirtualMemory  (-1, 606208, 0, 4096, 4096, 260, ... 606208, 4096, ) == 0x0
 00648   440   NtAllocateVirtualMemory  (-1, 602112, 0, 4096, 4096, 260, ... 602112, 4096, ) == 0x0
 00649   440   NtAllocateVirtualMemory  (-1, 598016, 0, 4096, 4096, 260, ... 598016, 4096, ) == 0x0
 00650   440   NtAllocateVirtualMemory  (-1, 593920, 0, 4096, 4096, 260, ... 593920, 4096, ) == 0x0
 00651   440   NtAllocateVirtualMemory  (-1, 589824, 0, 4096, 4096, 260, ... 589824, 4096, ) == 0x0
 00652   440   NtAllocateVirtualMemory  (-1, 585728, 0, 4096, 4096, 260, ... 585728, 4096, ) == 0x0
 00653   440   NtAllocateVirtualMemory  (-1, 581632, 0, 4096, 4096, 260, ... 581632, 4096, ) == 0x0
 00654   440   NtAllocateVirtualMemory  (-1, 577536, 0, 4096, 4096, 260, ... 577536, 4096, ) == 0x0
 00655   440   NtAllocateVirtualMemory  (-1, 573440, 0, 4096, 4096, 260, ... 573440, 4096, ) == 0x0
 00656   440   NtAllocateVirtualMemory  (-1, 569344, 0, 4096, 4096, 260, ... 569344, 4096, ) == 0x0
 00657   440   NtAllocateVirtualMemory  (-1, 565248, 0, 4096, 4096, 260, ... 565248, 4096, ) == 0x0
 00658   440   NtAllocateVirtualMemory  (-1, 561152, 0, 4096, 4096, 260, ... 561152, 4096, ) == 0x0
 00659   440   NtAllocateVirtualMemory  (-1, 557056, 0, 4096, 4096, 260, ... 557056, 4096, ) == 0x0
 00660   440   NtAllocateVirtualMemory  (-1, 552960, 0, 4096, 4096, 260, ... 552960, 4096, ) == 0x0
 00661   440   NtAllocateVirtualMemory  (-1, 548864, 0, 4096, 4096, 260, ... 548864, 4096, ) == 0x0
 00662   440   NtAllocateVirtualMemory  (-1, 544768, 0, 4096, 4096, 260, ... 544768, 4096, ) == 0x0
 00663   440   NtAllocateVirtualMemory  (-1, 540672, 0, 4096, 4096, 260, ... 540672, 4096, ) == 0x0
 00664   440   NtAllocateVirtualMemory  (-1, 536576, 0, 4096, 4096, 260, ... 536576, 4096, ) == 0x0
 00665   440   NtAllocateVirtualMemory  (-1, 532480, 0, 4096, 4096, 260, ... 532480, 4096, ) == 0x0
 00666   440   NtAllocateVirtualMemory  (-1, 528384, 0, 4096, 4096, 260, ... 528384, 4096, ) == 0x0
 00667   440   NtAllocateVirtualMemory  (-1, 524288, 0, 4096, 4096, 260, ... 524288, 4096, ) == 0x0
 00668   440   NtAllocateVirtualMemory  (-1, 520192, 0, 4096, 4096, 260, ... 520192, 4096, ) == 0x0
 00669   440   NtAllocateVirtualMemory  (-1, 516096, 0, 4096, 4096, 260, ... 516096, 4096, ) == 0x0
 00670   440   NtAllocateVirtualMemory  (-1, 512000, 0, 4096, 4096, 260, ... 512000, 4096, ) == 0x0
 00671   440   NtAllocateVirtualMemory  (-1, 507904, 0, 4096, 4096, 260, ... 507904, 4096, ) == 0x0
 00672   440   NtAllocateVirtualMemory  (-1, 503808, 0, 4096, 4096, 260, ... 503808, 4096, ) == 0x0
 00673   440   NtAllocateVirtualMemory  (-1, 499712, 0, 4096, 4096, 260, ... 499712, 4096, ) == 0x0
 00674   440   NtAllocateVirtualMemory  (-1, 495616, 0, 4096, 4096, 260, ... 495616, 4096, ) == 0x0
 00675   440   NtAllocateVirtualMemory  (-1, 491520, 0, 4096, 4096, 260, ... 491520, 4096, ) == 0x0
 00676   440   NtAllocateVirtualMemory  (-1, 487424, 0, 4096, 4096, 260, ... 487424, 4096, ) == 0x0
 00677   440   NtAllocateVirtualMemory  (-1, 483328, 0, 4096, 4096, 260, ... 483328, 4096, ) == 0x0
 00678   440   NtAllocateVirtualMemory  (-1, 479232, 0, 4096, 4096, 260, ... 479232, 4096, ) == 0x0
 00679   440   NtAllocateVirtualMemory  (-1, 475136, 0, 4096, 4096, 260, ... 475136, 4096, ) == 0x0
 00680   440   NtAllocateVirtualMemory  (-1, 471040, 0, 4096, 4096, 260, ... 471040, 4096, ) == 0x0
 00681   440   NtAllocateVirtualMemory  (-1, 466944, 0, 4096, 4096, 260, ... 466944, 4096, ) == 0x0
 00682   440   NtAllocateVirtualMemory  (-1, 462848, 0, 4096, 4096, 260, ... 462848, 4096, ) == 0x0
 00683   440   NtAllocateVirtualMemory  (-1, 458752, 0, 4096, 4096, 260, ... 458752, 4096, ) == 0x0
 00684   440   NtAllocateVirtualMemory  (-1, 454656, 0, 4096, 4096, 260, ... 454656, 4096, ) == 0x0
 00685   440   NtAllocateVirtualMemory  (-1, 450560, 0, 4096, 4096, 260, ... 450560, 4096, ) == 0x0
 00686   440   NtAllocateVirtualMemory  (-1, 446464, 0, 4096, 4096, 260, ... 446464, 4096, ) == 0x0
 00687   440   NtAllocateVirtualMemory  (-1, 442368, 0, 4096, 4096, 260, ... 442368, 4096, ) == 0x0
 00688   440   NtAllocateVirtualMemory  (-1, 438272, 0, 4096, 4096, 260, ... 438272, 4096, ) == 0x0
 00689   440   NtAllocateVirtualMemory  (-1, 434176, 0, 4096, 4096, 260, ... 434176, 4096, ) == 0x0
 00690   440   NtAllocateVirtualMemory  (-1, 430080, 0, 4096, 4096, 260, ... 430080, 4096, ) == 0x0
 00691   440   NtAllocateVirtualMemory  (-1, 425984, 0, 4096, 4096, 260, ... 425984, 4096, ) == 0x0
 00692   440   NtAllocateVirtualMemory  (-1, 421888, 0, 4096, 4096, 260, ... 421888, 4096, ) == 0x0
 00693   440   NtAllocateVirtualMemory  (-1, 417792, 0, 4096, 4096, 260, ... 417792, 4096, ) == 0x0
 00694   440   NtAllocateVirtualMemory  (-1, 413696, 0, 4096, 4096, 260, ... 413696, 4096, ) == 0x0
 00695   440   NtAllocateVirtualMemory  (-1, 409600, 0, 4096, 4096, 260, ... 409600, 4096, ) == 0x0
 00696   440   NtAllocateVirtualMemory  (-1, 405504, 0, 4096, 4096, 260, ... 405504, 4096, ) == 0x0
 00697   440   NtAllocateVirtualMemory  (-1, 401408, 0, 4096, 4096, 260, ... 401408, 4096, ) == 0x0
 00698   440   NtAllocateVirtualMemory  (-1, 397312, 0, 4096, 4096, 260, ... 397312, 4096, ) == 0x0
 00699   440   NtAllocateVirtualMemory  (-1, 393216, 0, 4096, 4096, 260, ... 393216, 4096, ) == 0x0
 00700   440   NtAllocateVirtualMemory  (-1, 389120, 0, 4096, 4096, 260, ... 389120, 4096, ) == 0x0
 00701   440   NtAllocateVirtualMemory  (-1, 385024, 0, 4096, 4096, 260, ... 385024, 4096, ) == 0x0
 00702   440   NtAllocateVirtualMemory  (-1, 380928, 0, 4096, 4096, 260, ... 380928, 4096, ) == 0x0
 00703   440   NtAllocateVirtualMemory  (-1, 376832, 0, 4096, 4096, 260, ... 376832, 4096, ) == 0x0
 00704   440   NtAllocateVirtualMemory  (-1, 372736, 0, 4096, 4096, 260, ... 372736, 4096, ) == 0x0
 00705   440   NtAllocateVirtualMemory  (-1, 368640, 0, 4096, 4096, 260, ... 368640, 4096, ) == 0x0
 00706   440   NtAllocateVirtualMemory  (-1, 364544, 0, 4096, 4096, 260, ... 364544, 4096, ) == 0x0
 00707   440   NtAllocateVirtualMemory  (-1, 360448, 0, 4096, 4096, 260, ... 360448, 4096, ) == 0x0
 00708   440   NtAllocateVirtualMemory  (-1, 356352, 0, 4096, 4096, 260, ... 356352, 4096, ) == 0x0
 00709   440   NtAllocateVirtualMemory  (-1, 352256, 0, 4096, 4096, 260, ... 352256, 4096, ) == 0x0
 00710   440   NtAllocateVirtualMemory  (-1, 348160, 0, 4096, 4096, 260, ... 348160, 4096, ) == 0x0
 00711   440   NtAllocateVirtualMemory  (-1, 344064, 0, 4096, 4096, 260, ... 344064, 4096, ) == 0x0
 00712   440   NtAllocateVirtualMemory  (-1, 339968, 0, 4096, 4096, 260, ... 339968, 4096, ) == 0x0
 00713   440   NtAllocateVirtualMemory  (-1, 335872, 0, 4096, 4096, 260, ... 335872, 4096, ) == 0x0
 00714   440   NtAllocateVirtualMemory  (-1, 331776, 0, 4096, 4096, 260, ... 331776, 4096, ) == 0x0
 00715   440   NtAllocateVirtualMemory  (-1, 327680, 0, 4096, 4096, 260, ... 327680, 4096, ) == 0x0
 00716   440   NtAllocateVirtualMemory  (-1, 323584, 0, 4096, 4096, 260, ... 323584, 4096, ) == 0x0
 00717   440   NtAllocateVirtualMemory  (-1, 319488, 0, 4096, 4096, 260, ... 319488, 4096, ) == 0x0
 00718   440   NtAllocateVirtualMemory  (-1, 315392, 0, 4096, 4096, 260, ... 315392, 4096, ) == 0x0
 00719   440   NtAllocateVirtualMemory  (-1, 311296, 0, 4096, 4096, 260, ... 311296, 4096, ) == 0x0
 00720   440   NtAllocateVirtualMemory  (-1, 307200, 0, 4096, 4096, 260, ... 307200, 4096, ) == 0x0
 00721   440   NtAllocateVirtualMemory  (-1, 303104, 0, 4096, 4096, 260, ... 303104, 4096, ) == 0x0
 00722   440   NtAllocateVirtualMemory  (-1, 299008, 0, 4096, 4096, 260, ... 299008, 4096, ) == 0x0
 00723   440   NtAllocateVirtualMemory  (-1, 294912, 0, 4096, 4096, 260, ... 294912, 4096, ) == 0x0
 00724   440   NtAllocateVirtualMemory  (-1, 290816, 0, 4096, 4096, 260, ... 290816, 4096, ) == 0x0
 00725   440   NtAllocateVirtualMemory  (-1, 286720, 0, 4096, 4096, 260, ... 286720, 4096, ) == 0x0
 00726   440   NtAllocateVirtualMemory  (-1, 282624, 0, 4096, 4096, 260, ... 282624, 4096, ) == 0x0
 00727   440   NtAllocateVirtualMemory  (-1, 278528, 0, 4096, 4096, 260, ... 278528, 4096, ) == 0x0
 00728   440   NtAllocateVirtualMemory  (-1, 274432, 0, 4096, 4096, 260, ... 274432, 4096, ) == 0x0
 00729   440   NtAllocateVirtualMemory  (-1, 270336, 0, 4096, 4096, 260, ... 270336, 4096, ) == 0x0
 00730   440   NtAllocateVirtualMemory  (-1, 266240, 0, 4096, 4096, 260, ... 266240, 4096, ) == 0x0
 00731   440   NtAllocateVirtualMemory  (-1, 262144, 0, 4096, 4096, 260, ... 262144, 4096, ) == 0x0
 00732   440   NtAllocateVirtualMemory  (-1, 258048, 0, 4096, 4096, 260, ... 258048, 4096, ) == 0x0
 00733   440   NtAllocateVirtualMemory  (-1, 253952, 0, 4096, 4096, 260, ... 253952, 4096, ) == 0x0
 00734   440   NtAllocateVirtualMemory  (-1, 249856, 0, 4096, 4096, 260, ... 249856, 4096, ) == 0x0
 00735   440   NtAllocateVirtualMemory  (-1, 245760, 0, 4096, 4096, 260, ... 245760, 4096, ) == 0x0
 00736   440   NtAllocateVirtualMemory  (-1, 241664, 0, 4096, 4096, 260, ... 241664, 4096, ) == 0x0
 00737   440   NtAllocateVirtualMemory  (-1, 237568, 0, 4096, 4096, 260, ... 237568, 4096, ) == 0x0
 00738   440   NtAllocateVirtualMemory  (-1, 233472, 0, 4096, 4096, 260, ... 233472, 4096, ) == 0x0
 00739   440   NtAllocateVirtualMemory  (-1, 229376, 0, 4096, 4096, 260, ... 229376, 4096, ) == 0x0
 00740   440   NtAllocateVirtualMemory  (-1, 225280, 0, 4096, 4096, 260, ... 225280, 4096, ) == 0x0
 00741   440   NtAllocateVirtualMemory  (-1, 221184, 0, 4096, 4096, 260, ... 221184, 4096, ) == 0x0
 00742   440   NtAllocateVirtualMemory  (-1, 217088, 0, 4096, 4096, 260, ... 217088, 4096, ) == 0x0
 00743   440   NtAllocateVirtualMemory  (-1, 212992, 0, 4096, 4096, 260, ... 212992, 4096, ) == 0x0
 00744   440   NtAllocateVirtualMemory  (-1, 208896, 0, 4096, 4096, 260, ... 208896, 4096, ) == 0x0
 00745   440   NtAllocateVirtualMemory  (-1, 204800, 0, 4096, 4096, 260, ... 204800, 4096, ) == 0x0
 00746   440   NtAllocateVirtualMemory  (-1, 200704, 0, 4096, 4096, 4, ... 200704, 4096, ) == 0x0
 00747   440   NtContinue  (-136249324, 0, ...
 00748   440   NtContinue  (-136249324, 0, ...
 00749   440   NtFlushInstructionCache  (-1, 0, 0, ... ) == 0x0
 00750   440   NtClose  (44, ... ) == 0x0